Corky,
It sounds like you are trying to do SSL with password-based
authentication instead of certificate-based authentication. There is an
effort being made to standardize this approach using the SRP techniques; see
(http://www.ietf.org/internet-drafts/draft-ietf-tls-srp-00.txt) for ideas.
This will at least give you some hints on where to do your thing in the
protocol, if not the code.
I'll try to look around in the code a bit later for ideas.
_____________________________________
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_____________________________________
----- Original Message -----
From: "corky peavy" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 20, 2001 2:18 PM
Subject: How can I encrypt public key in handshake?
>
> I am building a system where the public key needs to be encrypted by
> the server, and decrypted by the client.
>
> The included blowfish encryption is fine, but I can't figure out where
> in the client and server code to encrypt/decrypt. Encrypting it just
> before it is sent to the client is detected by the MAC checking. Other
> places cause other problems. Is anyone familiar enough with the code
> to suggest where this should be done, and to what structures?
>
>
> Background and Rationale -- if you are interested.
>
> I need to do this because our product would not be practical with the
> headaches of certificate authorities, but we do need some user
> authentication, and defense against man-in-the-middle attacks.
>
>
> We will use a typical password system for user authentication before
> establishing the SSL session. When the client successfully logs in,
> we send the public key encrypted using her password. Only the correct
> client can decrypt the public key, because only they know the password
> it was encrypted with.
>
>
> --
> corky peavy
> [EMAIL PROTECTED] - email
> (512) 682-6934 x6527 - voicemail/fax
>
>
>
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]