I am building a system where the public key needs to be encrypted by
the server, and decrypted by the client.
The included Blowfish encryption is fine, but I can't figure out where
in the client and server code to encrypt/decrypt. Encrypting it just
before it is sent to the client is detected by the MAC checking. Other
places cause other problems. Is anyone familiar enough with the code
to suggest where this should be done, and to what structures?

Background and Rationale -- if you are interested.

I need to do this because our product would not be practical with the
headaches of certificate authorities, but we do need some user authentication,
and defense against man-in-the-middle attacks.
We will use a typical password system for user authentication before
establishing the SSL session. When the client successfully logs in,
we send the public key encrypted using her password. Only the correct
client can decrypt the public key, because only they know the password
it was encrypted with.
--
corky peavy
[EMAIL PROTECTED] - email
(512) 682-6934 x6527 - voicemail/fax
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]