On Thu, Feb 07, 2013 at 08:00:42PM +1300, Trevor Jordan wrote:

> > It is bad practice to clone keys. You should also not depend on
> > OpenSSL negotiating a particular algorithm. OpenSSL's keys are
> > for the OpenSSL session only. Keys for your application should
> > be the result of a suitably independent KDF.
>
> Well, I wouldn't be cloning keys if I'm not using the OpenSSL
> session. Once keys have been negotiated, I intend to immediately
> close the connection and only reuse the session if I need a new key.

The keys will be "slightly used": they encrypted the "finished" message
and likely also any "close notify" alerts sent to terminate the session.

> I'll also make sure both server and client only use one algorithm.
> This is not your typical internet based client/public server
> scenario. I just need a certificate based authenticated key which
> SSL/TLS can provide.

I would still consider deriving new keys; at the very least you'll
probably want a new IV. You also need a shared secret for HMAC, or were
you planning to use GCM?

Why not just continue with TLS? You've gone to all the trouble of
agreeing on keys, ... the rest is pretty much bulk crypto. Otherwise,
you need to re-invent the wheel with your own stream protocol based on
the agreed keys, and this is always harder to get right than you might
guess.

-- 
	Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
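Viktor's advice above (derive application keys with an independent KDF, giving a fresh IV and a separate HMAC key per direction) worked through as an added example; this is not code from the thread or from OpenSSL. It implements HKDF (RFC 5869) over Python's standard library and derives an encryption key, a MAC key and an IV for each traffic direction from a hypothetical post-handshake secret; the protocol label "myapp/1", the key sizes and the sample inputs are assumptions.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869 s2.2): PRK = HMAC-Hash(salt, IKM)."""
    if not salt:
        salt = b"\x00" * HASH_LEN  # RFC default when no salt is supplied
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869 s2.3): T(i) = HMAC(PRK, T(i-1) || info || i)."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF-Expand output is limited to 255 * HashLen bytes")
    okm, block = b"", b""
    for counter in range(1, (length + HASH_LEN - 1) // HASH_LEN + 1):
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
    return okm[:length]


# Key sizes for the hypothetical application protocol: AES-256 key, HMAC-SHA256 key, 16-byte IV.
KEY_LAYOUT = {"enc": 32, "mac": 32, "iv": 16}


def derive_direction_keys(prk: bytes, direction: bytes) -> dict:
    """One independent enc key, MAC key and IV per traffic direction; the info string
    binds protocol, version, direction and purpose so outputs cannot collide or be swapped."""
    return {
        purpose: hkdf_expand(prk, b"myapp/1 " + direction + b" " + purpose.encode(), size)
        for purpose, size in KEY_LAYOUT.items()
    }


def derive_app_keys(shared_secret: bytes, channel_binding: bytes) -> dict:
    """shared_secret: a secret both peers hold after the authenticated TLS handshake
    (an exporter value, never a raw TLS record key); channel_binding: a public
    per-session value such as a transcript hash, used as the HKDF salt so the same
    secret in another session still yields different keys."""
    prk = hkdf_extract(channel_binding, shared_secret)
    return {"client_to_server": derive_direction_keys(prk, b"c2s"),
            "server_to_client": derive_direction_keys(prk, b"s2c")}


# Constructed sample inputs standing in for values a real handshake would produce.
SAMPLE_SECRET = bytes(range(48))
SAMPLE_BINDING = hashlib.sha256(b"constructed handshake transcript").digest()
```

In a real deployment the shared secret would come from a TLS keying-material exporter (RFC 5705, SSL_export_keying_material() in OpenSSL) rather than from the session's record keys.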