> Ok, so if it is not a problem if the certificate is intercepted, how to "prove
> that you are the party the certificate was issued to by demonstrating
> possession of the private key" ?
> Is it a special configuration the VPN ?
>
> thx
> david
>
You now have a public key, anything you encrypt with the public key can only be decrypted with that party's private key. This is the point where the session encryption is negotiated. A "this session only" encryption algorithm, randomly selected based on the random-number generator, is proposed, the proposal is encrypted with the public key and sent to the other party. If he can successfully decode it, and reply to you using the new encryption algorithm that now only you and he know ... he must have the private key.

That's a simplistic explanation but I think covers the gist of the transaction.

Ragnar
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                               [EMAIL PROTECTED]
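
The exchange described in the reply above, as an added example that is not part of the original thread or of OpenSSL: a client encrypts a random session secret to the certificate's public key, and only the holder of the private key can answer with a MAC keyed by that secret. Assumptions: textbook RSA without padding, a constructed demo key built from two publicly known Mersenne primes, and hypothetical function names, so this shows the logic only and is not a usable protocol.

```python
import hashlib
import hmac
import secrets

# Constructed demo key: two publicly known Mersenne primes, so this key is NOT secret.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key, as carried in the certificate
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held only by the real peer
N_BYTES = (N.bit_length() + 7) // 8


def client_challenge(n, e):
    """Pick a random session secret and encrypt it to the certificate's public key."""
    secret = secrets.token_bytes(32)
    ciphertext = pow(int.from_bytes(secret, "big"), e, n)  # textbook RSA, no padding
    return secret, ciphertext


def peer_response(ciphertext, n, d, transcript):
    """Real peer: recover the secret with the private key, then MAC the transcript."""
    secret = pow(ciphertext, d, n).to_bytes(32, "big")
    return hmac.new(secret, transcript, hashlib.sha256).digest()


def impostor_response(ciphertext, transcript):
    """Holder of an intercepted certificate only: no private key, so it can only guess."""
    guess = secrets.token_bytes(32)
    return hmac.new(guess, transcript, hashlib.sha256).digest()


def client_verify(secret, transcript, response):
    """Accept the peer only if its reply is keyed with the secret we sent."""
    expected = hmac.new(secret, transcript, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def run_exchange():
    """Return (real peer accepted, impostor accepted) for one constructed handshake."""
    secret, ct = client_challenge(N, E)
    transcript = b"constructed-handshake-transcript" + ct.to_bytes(N_BYTES, "big")
    ok_real = client_verify(secret, transcript, peer_response(ct, N, D, transcript))
    ok_fake = client_verify(secret, transcript, impostor_response(ct, transcript))
    return ok_real, ok_fake


if __name__ == "__main__":
    print(run_exchange())
```

Real TLS and IKE handshakes use padded RSA or, more commonly today, a signature over the handshake transcript combined with an ephemeral Diffie-Hellman exchange; the proof-of-possession idea is the same.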