On 04/11/2012 03:01 PM, Florian Weimer wrote:
> * King Of Fun:
>
>> All clients have the public key of the server, and the server has
>> all of the public keys of the clients. The client can only use its
>> private key for signing. In particular, the client cannot decrypt
>> data that has been encrypted with that client's public key.
>
> TLS with client certificate authentication might fit your needs.
> The server decrypts a challenge sent by the client, and the client
> signs most of the handshake messages (including a server-supplied
> challenge).

There's a nice old article showing that message authentication can be functionally equivalent to encryption.
http://people.csail.mit.edu/rivest/chaffing-980701.txt

Nevertheless, x509 certs have a key usage field that specifies whether or not the client is "allowed" to use the cert for signing and/or encryption. Of course, nothing prevents him from decrypting data for which he knows the private key, but the idea is that no one should encrypt it to that key in the first place (or at least if they did, someone would be in a state of "violation"). Tsk tsk.

- Marsh
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
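
The key usage check mentioned in the reply above, as an added example that is not part of the original message: it decodes the DER BIT STRING carried in an X.509 KeyUsage extension (bit names from RFC 5280) and applies the sender-side policy of refusing to encrypt to a signing-only key. The function names and the two sample byte strings are constructed for illustration.

```python
# Added example: decode an X.509 KeyUsage extension value and apply the
# "do not encrypt to a signing-only key" policy on the sender's side.
# Bit positions follow RFC 5280, section 4.2.1.3 (bit 0 is the MSB).
KEY_USAGE_BITS = (
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
)


def parse_key_usage(der: bytes) -> frozenset:
    """Return the set of usage names asserted in a DER-encoded KeyUsage."""
    if len(der) < 4 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    # KeyUsage has 9 named bits: 1 unused-bits octet plus 1 or 2 data octets.
    if length & 0x80 or length != len(der) - 2 or not 2 <= length <= 3:
        raise ValueError("unexpected length for KeyUsage")
    unused, payload = der[2], der[3:]
    if unused > 7:
        raise ValueError("invalid unused-bit count")
    if payload[-1] & ((1 << unused) - 1):
        raise ValueError("unused bits must be zero in DER")
    total_bits = len(payload) * 8 - unused
    names = set()
    for i in range(min(total_bits, len(KEY_USAGE_BITS))):
        if payload[i // 8] & (0x80 >> (i % 8)):
            names.add(KEY_USAGE_BITS[i])
    return frozenset(names)


def may_encrypt_to(usage: frozenset) -> bool:
    """Sender-side policy: only encrypt to keys certified for encipherment."""
    return bool(usage & {"keyEncipherment", "dataEncipherment"})


def may_verify_signature_from(usage: frozenset) -> bool:
    """Verifier-side policy: only accept signatures from signing keys."""
    return "digitalSignature" in usage


# Constructed sample values (not taken from any real certificate).
SIGN_ONLY = bytes.fromhex("03020780")         # digitalSignature
SIGN_AND_ENCRYPT = bytes.fromhex("030205a0")  # digitalSignature + keyEncipherment

if __name__ == "__main__":
    for label, der in (("sign-only", SIGN_ONLY), ("sign+encrypt", SIGN_AND_ENCRYPT)):
        usage = parse_key_usage(der)
        print(label, sorted(usage), "encrypt-to allowed:", may_encrypt_to(usage))
```

The check runs on the party holding the certificate, not on the key holder, so it constrains who encrypts to the key rather than what the key holder can do with it.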
