Besides the fact that using raw public/private key pairs is in my
mind a disaster waiting to happen to all SSH users:

 . they have no notion of identity associated with them

 . they have no notion of trust associated with them

 . they have no notion of usage associated with them

 . they have no ability to be expired 

 . they have no ability to be revoked if compromised

private keys are stored in most cases on the disks of insecure
operating systems protected only by a passphrase chosen by an end user
that knows nothing about security.  An insecure OS is one that is
either unmanageable or one that is not properly maintained from a
security perspective.  No OS maintained by the end user is secure.

A passphrase consisting of human readable/typable text provides
approximately 2 bits of entropy per character.  Therefore, to provide 
an equivalent strength key to protect a 1024 bit private key would 
require a passphrase at least 64 characters long.  Since most
passphrases are significantly shorter, not more than an 8 character 
password, dictionary attacks to extract the private key are highly
effective.

I am simply waiting for the virus/worm that as part of its operation
steals SSH identity and known_hosts files and sends them off to be 
dictionary attacked.  

The difference between raw public/private key pairs and X.509 certs is
that the cert is a centrally managed object that can be revoked.
Something that is revoked cannot be used again by the end user.  In
other words, the end user cannot simply copy and re-use their previously
generated key pair.

If the user can generate a public/private key pair then they can, with
appropriate tools provided by you, generate a Certificate Signing
Request, send the CSR to your host, and have it signed and installed.  It's
more work on your part, not on the end user's.

- Jeff

> Hi!
> 
> I am trying to use OpenSSL to build secure authenticated channel between
> client and server. I want server to allow connections only from certain
> clients, and I want client to be sure it is connected to the right server.
> 
> I see how it could be done using certificates. However for my application
> generating certificates would be too complex for the end user.
> 
> The simplest way I see it would be to use RSA public/private keys: the way
> SSH does. So client and server each would have private/public key pairs
> generated. Then, I would manually add the server public key to the client side and
> the client public key to the server side (the server will possibly have more than one
> client key).
> 
> Is there anything wrong with the way I am planning to do it? It seems
> to me that this should be pretty common usage. If somebody has done this
> before I would appreciate any advice. I am new to openssl and still
> learning the basics.
> 
> Sincerely,
> Vadim
> 
> -- 
> "Perfection is attained not when there is nothing more to add, but
> when there is nothing more to remove."  (Antoine de Saint-Exupery)
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]

 Jeffrey Altman * Sr.Software Designer      C-Kermit 8.0 available now!!!
 The Kermit Project @ Columbia University   includes Telnet, FTP and HTTP
 http://www.kermit-project.org/             secured with Kerberos, SRP, and 
 [EMAIL PROTECTED]                OpenSSL. Interfaces with OpenSSH
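The CSR workflow Jeff sketches (the user generates the key pair and sends only a CSR, the operator's CA signs it with an expiry, and the server accepts a certificate only if it chains to that CA), as an added shell example that is not from the thread; the CA and user names, the working directory and the validity periods are constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the thread. Names, paths and subjects are constructed.
set -eu
WORK="${WORK:-$(mktemp -d)}"

# Operator side: private CA key plus a self-signed CA certificate.
make_ca() {            # $1 = CA name
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/$1.key" 2>/dev/null
    openssl req -x509 -new -key "$WORK/$1.key" -sha256 -days 30 \
        -subj "/CN=$1" -out "$WORK/$1.crt" 2>/dev/null
}

# End-user side: key pair stays local; only the CSR is sent to the operator.
make_csr() {           # $1 = user name
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/$1.key" 2>/dev/null
    openssl req -new -key "$WORK/$1.key" -sha256 -subj "/CN=$1" \
        -out "$WORK/$1.csr" 2>/dev/null
}

# Operator side: sign the CSR. The short -days value is the expiry raw keys lack.
sign_csr() {           # $1 = user name, $2 = CA name
    openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$2.crt" \
        -CAkey "$WORK/$2.key" -CAcreateserial -days 7 -sha256 \
        -out "$WORK/$1.crt" 2>/dev/null
}

# Server side: accept the presented certificate only if it chains to our CA.
# Prints "ok" (exit 0) or "rejected" (exit 1).
check_cert() {         # $1 = user name, $2 = CA name
    if openssl verify -CAfile "$WORK/$2.crt" "$WORK/$1.crt" >/dev/null 2>&1; then
        echo ok; return 0
    fi
    echo rejected; return 1
}

make_ca ourca
make_ca someotherca          # a CA we never trusted
make_csr vadim
sign_csr vadim ourca
check_cert vadim ourca                   # ok
check_cert vadim someotherca || true     # rejected: not issued by our CA
```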