Well, I understand the SSH way as I use it regularly, but I'm having a hard time finding documentation and examples on the SSL way to do this.

Do you have any code examples, or know where I might find some? I managed to figure out how to do DH matching, which gives me encryption but no authentication. I also managed to figure out full certificate work with RSA, but (as I said) it seemed to require the Key, Certificate, & Password on both ends.

On 2/13/07, Marek Marcola <[EMAIL PROTECTED]> wrote:
Hello,

> But one thing I don't understand is why both the RSA Private Key &
> Certificate must exist on both ends of the connection. I'm used to
> using RSA & DSA keypairs in SSH, and had assumed something similar
> would work here. I *thought* that the Private Key would exist on the
> Server, while the Certificate would exist on the client, and the
> password would be entered on the client. As it stands now, however,
> it seems I have to have the Key, Certificate, and Password on Both
> Ends. Is this right?

Server RSA key and certificate is used to exchange pre_shared_secret between client and server (client encrypts generated pre_master_secret with server certificate and sends this to server, server decrypts this with its private key). Next pre_master_secret is used to generate master_secret, key_material, passwords ...

Client RSA key and certificate is only used to authenticate client by server. You may configure server to not authenticate client and then client RSA key/certificate is not required.

In ssh you may choose to use RSA authentication too and then you need to generate key pair (private and public) on client (ssh-keygen) and transfer public key to server to proper location (user authorized_keys file).

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
--
----------------------------------------
Randall Hand
Visualization Scientist
ERDC MSRC-ITL
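
The arrangement described in the quoted reply (private key and certificate on the server, only the certificate on the client, no client authentication), as an added example that is not part of the original thread and is not OpenSSL project code. It uses Python's `ssl` module, which wraps OpenSSL; the host name `server.example`, the function names and the throwaway certificate generated with the `openssl` command-line tool are assumptions made for this example.

```python
import os, ssl, subprocess, tempfile

HOST = "server.example"  # assumed name, used only inside this example

def make_server_identity(workdir):
    """Constructed test data: throwaway self-signed RSA key and certificate."""
    key, cert = os.path.join(workdir, "server.key"), os.path.join(workdir, "server.crt")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
                    "-days", "1", "-keyout", key, "-out", cert, "-subj", "/CN=" + HOST,
                    "-addext", "subjectAltName=DNS:" + HOST],
                   check=True, capture_output=True)
    return key, cert

def handshake(server_ctx, client_ctx):
    """Run a TLS handshake in memory (no sockets); return (client, server)."""
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = client_ctx.wrap_bio(c_in, c_out, server_hostname=HOST)
    server = server_ctx.wrap_bio(s_in, s_out, server_side=True)
    pending = [client, server]
    for _ in range(20):
        for side in list(pending):
            try:
                side.do_handshake()
                pending.remove(side)
            except ssl.SSLWantReadError:
                pass  # needs more bytes from the peer
        s_in.write(c_out.read())  # client -> server
        c_in.write(s_out.read())  # server -> client
        if not pending:
            return client, server
    raise ssl.SSLError("handshake did not complete")

def demo():
    with tempfile.TemporaryDirectory() as d:
        key, cert = make_server_identity(d)
        server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        server_ctx.load_cert_chain(cert, key)  # key (plus password= if encrypted): server only
        # verify_mode stays CERT_NONE, so no client certificate is requested
        client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
        client_ctx.load_verify_locations(cert)  # client holds the certificate, never the key
        client, server = handshake(server_ctx, client_ctx)
        try:  # a client that was never given the certificate must refuse the server
            handshake(server_ctx, ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT))
            rejected = False
        except ssl.SSLCertVerificationError:
            rejected = True
        return client.getpeercert()["subject"], server.getpeercert(), rejected

if __name__ == "__main__":
    print(demo())
```

In the OpenSSL C API the same split is made with `SSL_CTX_use_certificate_file` and `SSL_CTX_use_PrivateKey_file` on the server, and `SSL_CTX_load_verify_locations` with `SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL)` on the client.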