On Sun, Jan 06, 2002 at 01:04:37PM -0800, Vadim Zaliva wrote:
> 2. Challenge-Response
>
> I do not know yet how to implement this. Advice appreciated.
>
> 4. RSA keys
>
> Similar to SSH. I understand that the OpenSSL protocol does not have
> specific support for this, so it has to be written on top of it,
> after the SSL connection is established. I guess the server has to send some
> token signed with its key, which the client has to send back signed with
> its. Checking signatures would ensure the identity of both.
I did something like this in OpenSSL, but had to write basic RSA enc/dec routines. It's quite straightforward with the power of OpenSSL. I used a BIO to feed my own RSA key into an RSA struct.

From the ssh man pages:

    When the user logs in, the ssh program tells the server which key pair it
    would like to use for authentication. The server checks if this key is
    permitted, and if so, sends the user (actually the ssh program running on
    behalf of the user) a challenge, a random number, encrypted by the user's
    public key. The challenge can only be decrypted using the proper private
    key. The user's client then decrypts the challenge using the private key,
    proving that he/she knows the private key but without disclosing it to the
    server.

Kind Regards
Crispin

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                          [EMAIL PROTECTED]
Automated List Manager                             [EMAIL PROTECTED]
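The SSH-style exchange quoted above (server encrypts a random challenge to the client's public key, client proves possession by decrypting it), as an added example driven with the openssl command-line tool; this is not code from the thread or from Crispin's implementation. It assumes openssl 1.0.2 or newer on PATH; the function names and file names are this example's own.

```shell
#!/bin/sh
# Added example: RSA challenge-response in the style of the ssh man page,
# using the openssl CLI. Key and file names are this example's own.
set -eu

# RSA-OAEP with SHA-256: a wrong key or tampered ciphertext fails the padding
# check, so decryption either yields the real challenge or errors out.
OAEP="-pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256"

gen_rsa_key() {   # $1 = private key path; writes the public key to $1.pub
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null
    openssl pkey -in "$1" -pubout -out "$1.pub" 2>/dev/null
}

# Server side: draw a 32-byte random challenge, encrypt it to the client's
# registered public key, and keep only a digest of it to compare the reply to.
issue_challenge() {   # $1 = client public key, $2 = ciphertext path; prints expected digest
    openssl rand -out "$2.plain" 32
    openssl pkeyutl -encrypt -pubin -inkey "$1" $OAEP -in "$2.plain" -out "$2"
    openssl dgst -sha256 -r "$2.plain" | cut -d' ' -f1
    rm -f "$2.plain"
}

# Client side: decrypt with the private key and answer with a digest of the
# plaintext, so the challenge itself is never sent back. (SSH1 also mixes the
# session id into this hash to bind the reply to one connection; omitted here.)
answer_challenge() {   # $1 = private key, $2 = ciphertext path; prints response digest
    openssl pkeyutl -decrypt -inkey "$1" $OAEP -in "$2" -out "$2.dec" 2>/dev/null || return 1
    openssl dgst -sha256 -r "$2.dec" | cut -d' ' -f1
    rm -f "$2.dec"
}

# Legitimate client: succeeds (exit 0) only when the response matches.
rsa_challenge_response_demo() {
    work=$(mktemp -d)
    gen_rsa_key "$work/client.key"
    expected=$(issue_challenge "$work/client.key.pub" "$work/chal.enc")
    response=$(answer_challenge "$work/client.key" "$work/chal.enc")
    rm -rf "$work"
    [ "$response" = "$expected" ]
}

# Failure mode: a party holding some other private key cannot form a response
# at all, because OAEP decryption under the wrong key is rejected.
rsa_challenge_wrong_key_rejected() {
    work=$(mktemp -d)
    gen_rsa_key "$work/client.key"
    gen_rsa_key "$work/other.key"
    issue_challenge "$work/client.key.pub" "$work/chal.enc" >/dev/null
    if answer_challenge "$work/other.key" "$work/chal.enc" >/dev/null; then
        rm -rf "$work"; return 1   # an impostor produced a response: must not happen
    fi
    rm -rf "$work"
}
```

Run `rsa_challenge_response_demo && rsa_challenge_wrong_key_rejected && echo ok` to exercise both paths; the same exchange in C uses EVP_PKEY_encrypt/EVP_PKEY_decrypt with the OAEP settings shown.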