The station-to-station protocol -- a digitally-signed Diffie-Hellman exchange 
-- should do what you want.

On Apr 10, 2012, at 7:59 PM, King Of Fun wrote:

> I am looking for a protocol that will provide mutual authentication and key 
> exchange with a minor twist: the client and server have RSA key pairs, but 
> they cannot use them in the same way. In particular, the server has full use 
> of its keys, but the only use the clients can make of their private keys is 
> for signing. I would rather not roll my own protocol, given the amount of 
> rope available for self-hanging. And seeing as how there are some pretty 
> obscure protocols out there, chances are someone has already published one 
> that would cover this case.
> 
> All clients have the public key of the server, and the server has all of the 
> public keys of the clients.
> The client can only use its private key for signing. In particular, the 
> client cannot decrypt data that has been encrypted with that client's public 
> key.
> 
> Is there a protocol out there already that provides AKE, or are the clients 
> too underpowered, or...?
> 
> Thanks and regards,
> Brian
> 
> _______________________________________________
> cryptography mailing list
> [email protected]
> http://lists.randombit.net/mailman/listinfo/cryptography
> 


                --Steve Bellovin, https://www.cs.columbia.edu/~smb





_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography

Reply via email to