On Sat, Jan 7, 2012 at 4:12 PM, Manish Jain <invalid.poin...@gmail.com> wrote:
>
> Hello Michael/Anyone Else,
>
> Can you be kind enough to please point me to some place/URL where I can get
> a bit more information about how the key is negotiated upon?
>
> I have gone through a couple of write-ups on OpenSSL which throw light
> upon everything else except for this vital piece of information.

http://en.wikipedia.org/wiki/Transport_Layer_Security

>
>
> Thanks & Regards
> Manish Jain
>
>
>
> On 07-Jan-12 19:23, Michael S. Zick wrote:
>>
>> On Sat January 7 2012, Manish Jain wrote:
>>>
>>>
>>> Hi,
>>>
>>> I am new to OpenSSL and am trying to prepare some illustrative
>>> documentation on how it works.
>>>
>>> AFAIK, OpenSSL uses the concept of a pair of keys per host : one is a
>>> private key which is never communicated to any other host, and the other
>>> is a public key which is transmitted to the peer (the other party). The
>>> client uses the public key of the server (contained in the server's
>>> certificate) to encrypt its communication, which can only be decrypted
>>> with the server's private key. Please correct me if I am wrong.
>>>
>>
>> That is the essence of what happens and by that the client knows
>> that it is communicating with the server it intended to reach
>> (authentication).
>>
>>> Now the question is : when the server sends data to the client, what key
>>> does it use for encryption ?
>>>
>>
>> The general answer is: The client and server establish a shared key
>> for that purpose early in the protocol.
>>
>>> Does the client communicate its public key
>>> to the server (at some initial stage) which the server uses for
>>> encryption ?
>>>
>>
>> If the communications set up between the two requires client
>> authentication.
>> In many cases the client remains a stranger to the server
>> (un-authenticated).
>>
>>> If yes, what if the client does not have a pair of
>>> public/private keys ?
>>>
>>
>> The usual case for public web browsing using https and some other
>> protocols.
>> The client remains a stranger to the server.
>>
>>> The question arises because it does not seem logical that the server
>>> would use its private key for encrypting data to be sent to the client.
>>> Else, snoopers who might have picked the public key could decrypt the
>>> data too.
>>>
>>
>> There is an early stage in nearly all protocols, called: key agreement
>> where the client and server agree on a key without exchanging any of
>> the 'private' information that it is based on.
>>
>>> Any help on clearing up the above points would be greatly appreciated.
>>>
>>
>> My comments above are at a very general level.
>> If the process was as simple as my answers, OpenSSL would not be as
>> large a body of code as it is.  ;-)
>>
>> Mike
>>>
>>>
>>> Thank you &
>>> Regards
>>>
>>> Manish Jain
>>> invalid.poin...@gmail.com
>>>
>>> ______________________________________________________________________
>>> OpenSSL Project                                 http://www.openssl.org
>>> User Support Mailing List                    openssl-users@openssl.org
>>> Automated List Manager                           majord...@openssl.org
>>>
>>>
>>
>>
>>
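Mike's description of key agreement above ("the client and server agree on a key without exchanging any of the private information that it is based on") is the Diffie-Hellman idea that TLS uses in its DHE/ECDHE key exchanges. The Python below is an added illustration, not code from this thread or from OpenSSL: it builds a toy-sized finite-field DH group, has a client and a server each pick a private exponent that is never transmitted, exchanges only the two public shares, and derives the same session key on both sides. The group size, the `Party` class and the hash-based key derivation are constructed for illustration; real TLS uses 2048-bit or larger groups or elliptic curves and a proper KDF.

```python
"""Toy finite-field Diffie-Hellman key agreement (constructed example).

Illustration only, not OpenSSL's implementation: the group is far too small
for real use and nothing authenticates the exchanged shares.
"""
import hashlib
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits=128):
    """Return (p, g): p a safe prime (p = 2q + 1), g in the order-q subgroup.

    Toy size; a real deployment uses a standardised 2048-bit+ group.
    """
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1   # odd, full length
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            p = 2 * q + 1
            break
    g = pow(2, 2, p)   # a square mod p lies in the prime-order subgroup; 4 != 1 here
    return p, g


class Party:
    """One side of the exchange; the exponent is the 'private' value Mike refers to."""

    def __init__(self, name, p, g):
        self.name, self.p, self.g = name, p, g
        q = (p - 1) // 2
        self._secret = secrets.randbelow(q - 2) + 2   # private exponent, never sent

    def public_share(self):
        """The only value this party puts on the wire."""
        return pow(self.g, self._secret, self.p)

    def session_key(self, peer_share):
        """Derive the shared symmetric key from the peer's public share."""
        # Reject shares outside the prime-order subgroup (0, 1 and p-1 would
        # force the shared secret into a tiny set and leak bits of the exponent).
        if not 1 < peer_share < self.p - 1 or pow(peer_share, (self.p - 1) // 2, self.p) != 1:
            raise ValueError("peer share is not in the prime-order subgroup")
        shared = pow(peer_share, self._secret, self.p)
        length = (self.p.bit_length() + 7) // 8
        # Hash as a stand-in KDF so both sides get a fixed-length symmetric key.
        return hashlib.sha256(b"toy-dh-session-key" + shared.to_bytes(length, "big")).digest()


def run_handshake(bits=128):
    """Run the exchange and report what crossed the wire and what each side derived."""
    p, g = make_group(bits)
    client, server = Party("client", p, g), Party("server", p, g)
    client_share = client.public_share()      # sent client -> server
    server_share = server.public_share()      # sent server -> client
    return {
        "client_key": client.session_key(server_share),
        "server_key": server.session_key(client_share),
        "on_the_wire": (p, g, client_share, server_share),
    }


if __name__ == "__main__":
    result = run_handshake()
    p, g, cs, ss = result["on_the_wire"]
    print("public (visible to a snooper): p=%d g=%d client_share=%d server_share=%d" % (p, g, cs, ss))
    print("client key:", result["client_key"].hex())
    print("server key:", result["server_key"].hex())
    print("keys match:", result["client_key"] == result["server_key"])
```

Run as a script to see the only values a snooper on the wire would observe: the group parameters and the two shares, from which the session key cannot be computed without one of the private exponents. That is why the server never needs to encrypt with its private key, which was the concern in the original question. What this bare exchange does not give is authentication: nothing tells the client whose share it received, which is why TLS has the server sign its ephemeral share with the key in its certificate, tying the key agreement to the server identity Mike mentions. The subgroup check in `session_key` is the defensive detail OpenSSL-style implementations also perform before using a peer's share.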
