On Sun, Jan 06, 2002 at 01:04:37PM -0800, Vadim Zaliva wrote:
> 2. Challenge-Response
>
> I do not know yet how to implement this. Advice appreciated.
>
> 4. RSA keys
>
> Similar to SSH. I understand that OpenSSL protocol does not have
> specific support for this, so it have to be written on top of it,
> after SSL connection is established. I guess server have to send some
> token signed with its key, which client have to send back signed with
> its. Checking signatures would ensure identity of both.
I did something like this in openSSL, but had to write basic RSA enc/dec routines. Its
quite straight forward with the power of OpenSSL. I used a BIO to feed my own RSA key
into an RSA struct.
from the ssh man pages
When the user logs in, the ssh program tells the server
which key pair it would like to use for authentication. The server
checks if this key is permitted, and if so, sends the user (actually the
ssh program running on behalf of the user) a challenge, a random number,
encrypted by the user's public key. The challenge can only be decrypted
using the proper private key. The user's client then decrypts the chal
lenge using the private key, proving that he/she knows the private key
but without disclosing it to the server.
Kind Regards
Crispin
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
