The station-to-station protocol -- a digitally-signed Diffie-Hellman exchange -- should do what you want.
On Apr 10, 2012, at 7:59 PM, King Of Fun wrote:

> I am looking for a protocol that will provide mutual authentication and key
> exchange with a minor twist: the client and server have RSA key pairs, but
> they cannot use them in the same way. In particular, the server has full use
> of its keys, but the only use the clients can make of their private keys is
> for signing. I would rather not roll my own protocol, given the amount of
> rope available for self-hanging. And seeing as how there are some pretty
> obscure protocols out there, chances are someone has already published one
> that would cover this case.
>
> All clients have the public key of the server, and the server has all of the
> public keys of the clients.
> The client can only use its private key for signing. In particular, the
> client cannot decrypt data that has been encrypted with that client's public
> key.
>
> Is there a protocol out there already that provides AKE, or are the clients
> too underpowered, or...?
>
> Thanks and regards,
> Brian
>
> _______________________________________________
> cryptography mailing list
> [email protected]
> http://lists.randombit.net/mailman/listinfo/cryptography
>

--Steve Bellovin, https://www.cs.columbia.edu/~smb
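
The exchange named in the reply above, sketched as an added example (not code from the thread): the MAC variant of station-to-station, where each side signs both Diffie-Hellman values and proves knowledge of the session key with an HMAC, so the client's RSA private key is only ever used to sign. The textbook RSA, the small fixed primes, the DH group and every function name are constructed toy assumptions, not secure parameters.

```python
import hashlib, hmac, secrets

# Toy parameters constructed for this example; far too small for real use.
P, G, E = 2**521 - 1, 3, 65537   # DH modulus (Mersenne prime), base, RSA exponent

def rsa_key(p, q):
    """Textbook RSA key (n, d) from two known primes."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def h(*ints):
    """SHA-256 over length-prefixed big-endian integers."""
    m = hashlib.sha256()
    for x in ints:
        b = x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")
        m.update(len(b).to_bytes(4, "big") + b)
    return m.digest()

def sign(n, d, *ints):           # the only private-key operation either side needs
    return pow(int.from_bytes(h(*ints), "big") % n, d, n)

def verify(n, sig, *ints):
    return pow(sig, E, n) == int.from_bytes(h(*ints), "big") % n

def mac(key, sig):               # binds the signature to the derived session key
    return hmac.new(key, sig.to_bytes(64, "big"), hashlib.sha256).digest()

def sts_run(tamper=False):
    """Run one exchange; return (client_key, server_key) or None on failure."""
    cn, cd = rsa_key(2**89 - 1, 2**127 - 1)   # client key pair (signing only)
    sn, sd = rsa_key(2**61 - 1, 2**107 - 1)   # server key pair
    x = secrets.randbelow(P - 3) + 2
    gx = pow(G, x, P)                         # message 1, client -> server: gx
    y = secrets.randbelow(P - 3) + 2
    gy = pow(G, y, P)
    ks = h(pow(gx, y, P))                     # server's session key
    s_sig = sign(sn, sd, gy, gx)
    s_tag = mac(ks, s_sig)                    # message 2: gy, s_sig, s_tag
    if tamper:
        gy = pow(G, 7, P)                     # simulated in-transit substitution
    kc = h(pow(gy, x, P))                     # client's session key
    if not (verify(sn, s_sig, gy, gx) and hmac.compare_digest(mac(kc, s_sig), s_tag)):
        return None                           # client rejects the server
    c_sig = sign(cn, cd, gx, gy)
    c_tag = mac(kc, c_sig)                    # message 3: c_sig, c_tag
    if not (verify(cn, c_sig, gx, gy) and hmac.compare_digest(mac(ks, c_sig), c_tag)):
        return None                           # server rejects the client
    return kc, ks
```
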
