On Monday, 11 February 2008 14:22:39, [EMAIL PROTECTED] wrote:
> Hello,
>
> > I am writing a TLS server application. That is the easy part.
> > The server certificate is on a smart card. So I get only the public key
> > and the certificate but not the private key from the smart card.
> > So I have to decrypt everything in the TLS handshake, which is encrypted
> > with the server public key (the premaster secret), with the smart card.
> > So my question is: How can I control the TLS handshake in openssl so
> > that the premaster secret is decrypted with the smart card.
>
> In SSL/TLS you encrypt pre_master_secret with server certificate.
> For that, you do not need a smartcard, TLS server will send you certificate
> and (after verification) you (client) encrypt generated pre_master_secret
> with server public key sent to you by server with certificate.
> You may use smartcard if TLS server requires client verification, then
> your (client) private key from smartcard is used to prove your identity.
>
> Best regards,
> --
> Marek Marcola <[EMAIL PROTECTED]>
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]
Here the server is using the smart card, and the smart card holds the server
certificate and the private key. So the server got the server cert from the
smart card and sends it to the client. The client encrypts the
pre_master_secret with the public key and sends it to the server. Now the
server must use the smart card because the server's private key is only on
the smart card.

Best regards,
Lars Kühl