Ajay, 
On Mar 25, 2012, at 9:54 PM, Ajay Garg wrote:

> Thanks Eric for the reply.
> 
> Eric, but how is the shared secret configured?
> I do not remember configuring anything like this for the HTTPS-based WebDAV 
> server.

As your DAV client and the server set up their SSL connection, they exchange 
information that is used by either side to derive a set of session encryption 
keys.  This starts with a piece of random data generated by the client, wrapped 
in the public key from the server's certificate, and sent to the server.  Since 
only the server has the corresponding private key, no eavesdropper can 
intercept this piece of data, and no one but the server and client have the 
proper input material to derive those session keys.  

Once the session keys are created, they are used by either side to sign, 
encrypt, decrypt and verify the SSL records sent across the connection.  

So the only thing that is pre-arranged is the key/certificate on the server, 
and the fact that the client trusts the server certificate (through the CA 
certificate in the client's key store or CA bundle).  

Hope this helps, 

S.

> Thanks and Regards,
> Ajay
> 
> On Sun, Mar 25, 2012 at 11:39 PM, Eric Covener <cove...@gmail.com> wrote:
> > BUT, HOW IS THE CLIENT ABLE TO DECRYPT THE DATA? (I have been running both
> > webdav server and client on the same machine; so it might very well
> > be the case that some info from "ssl.conf" and/or "httpd.conf" is being used
> > at the client side. However, I am just guessing ...
> 
> Under SSL, the client and server negotiate a shared secret used to
> encrypt/decrypt the data.
> 
> They can set this up securely because the client starts this process
> with info encrypted with the server's public key.
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
> 
> 


-- 
scte...@apache.org            http://www.temme.net/sander/
PGP FP: FC5A 6FC6 2E25 2DFD 8007  EE23 9BB8 63B0 F51B B88A

View my availability: http://tungle.me/sctemme
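The key exchange Sander describes above, as an added example that is not part of the original thread: the client wraps a fresh premaster secret in the server's public key, only the private-key holder can unwrap it, and both sides derive the same session keys from that secret plus the two public nonces. It assumes only the Go standard library; RSA-OAEP stands in for the PKCS#1 v1.5 padding TLS actually used, and a single HMAC-SHA256 stands in for the TLS PRF.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// deriveKeys stands in for the TLS PRF: HMAC-SHA256 over the premaster secret
// and both nonces. Constructed for this example; not the real TLS key schedule.
func deriveKeys(premaster, clientRandom, serverRandom []byte) []byte {
	m := hmac.New(sha256.New, premaster)
	m.Write([]byte("key expansion"))
	m.Write(clientRandom)
	m.Write(serverRandom)
	return m.Sum(nil)
}

// Handshake models the RSA key exchange from the mail. It returns the key material
// each side derived and the wrapped premaster secret an eavesdropper sees on the wire.
func Handshake(serverKey *rsa.PrivateKey) (clientKeys, serverKeys, wrapped []byte, err error) {
	buf := make([]byte, 32+32+48)
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, nil, err
	}
	// clientRandom and serverRandom travel in the clear in the Hello messages;
	// the premaster secret is generated by the client and is never sent in the clear.
	clientRandom, serverRandom, premaster := buf[:32], buf[32:64], buf[64:]
	// ClientKeyExchange: premaster wrapped in the public key from the server's certificate.
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, &serverKey.PublicKey, premaster, nil)
	if err != nil {
		return nil, nil, nil, err
	}
	// Server side: only the holder of the matching private key can unwrap it.
	unwrapped, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, serverKey, wrapped, nil)
	if err != nil {
		return nil, nil, nil, err
	}
	clientKeys = deriveKeys(premaster, clientRandom, serverRandom)
	serverKeys = deriveKeys(unwrapped, clientRandom, serverRandom)
	return clientKeys, serverKeys, wrapped, nil
}

// Eavesdrop shows why public nonces are harmless: without the server's private key
// the wrapped premaster cannot be opened, so the session keys cannot be derived.
func Eavesdrop(wrapped []byte, someOtherKey *rsa.PrivateKey) error {
	_, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, someOtherKey, wrapped, nil)
	return err
}
```

Because the premaster is protected only by the server's long-term key, a later compromise of that key exposes every recorded session; TLS 1.3 dropped RSA key exchange in favour of ephemeral Diffie-Hellman for that reason.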
