On 5/12/2013 10:42 PM, MrUmunhum wrote:
Hi group,
I have a C program that does peer to peer functions. I am using RSA PKI to
encrypt the packets. I need to be able to generate the same PKI keys on both
machines. So I don't want to use a random seed. RSA_generate_key() calls
random. Is there another API I can call that does not use random so I can
generate the same RSA PKI on both machines? These are Linux machines using
OpenSSL
I am trying to avoid the man in the middle attack and I don't want to setup
the keys in advance, just use a common string on both sides.
Thanks for your time.
What you should do is to use a password-protected MAC to sign the
certificate and send it to the other side.
An even easier (and just as strong) solution is to use the SRP support
in recent versions of OpenSSL. This allows you to secure the connection
with a password while still using strong crypto to avoid the usual
dangers of password protected connections.
With SRP, one end stores a special one-way encrypted "verifier" of the
password and the other end has to type it in. The SRP algorithm
verifies that one end knows the verifier and the other end knows the
password, but does not let either side (or a man in the middle) see
what the other end has.
I am not sure what the OpenSSL user interface for using SRP is, maybe
others can answer that.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
