Thanks for the response. I did think about using symmetric crypto for bulk data and just using the asymmetric for session creation (key exchange). However, in our application there is not much data being transferred from the sender to the receiver: only a very small number of data packets, but very critical. So I figured using asymmetric will suffice, and keep the design simple.
> and sign that with the *sender's* private key; this is commonly known as a digital signature.
That is what I'm showing in the diagram? Or is my diagram wrong? The only difference is I am using MD5.
I will take a look at the commands, and read the RFC. Is there something specific I should be looking for?
Thanks. Sarah
From: Rich Salz <[EMAIL PROTECTED]>
To: Sarah Haff <[EMAIL PROTECTED]>
CC: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
Subject: Re: diagram explaining encryption using openssl
Date: Sat, 20 Sep 2003 11:22:47 -0400 (EDT)
Use standard mechanisms; invent your own and you will almost definitely get it wrong.
RSA is basically only used to encrypt a session (ephemeral) key; that key is a symmetric key which is then used to encrypt the bulk data. To ensure content integrity, better to use a SHA1 hash and sign that with the *sender's* private key; this is commonly known as a digital signature.
You should look at the openssl smime and pkcs7 commands. You should probably find the IETF S/MIME RFCs and read and understand them first.
/r$
--
Rich Salz
Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
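The sign-then-encrypt flow Rich describes, as an added example that is not part of the thread: it uses the openssl smime command he points to, with constructed self-signed identities and a constructed message, and SHA-256 instead of the SHA-1 he mentions because SHA-1 signatures are deprecated in current toolchains.

```shell
# Added example, not from the thread: the sign-then-encrypt flow done with
# the standard openssl smime command. File names and the message are constructed.
set -eu
WORK=$(mktemp -d)

# smime addresses envelopes to certificates, so two throwaway self-signed
# identities stand in for the sender's and receiver's real ones.
make_identity() {  # $1 = name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Sender: -sign hashes the message (SHA-256, not the deprecated SHA-1) and signs
# the hash with the sender's private key. -encrypt then draws a random AES-256
# session key, encrypts the signed blob with it, and RSA-encrypts only that key
# to the receiver's certificate: the hybrid scheme described in the reply.
protect() {  # $1 = plaintext, $2 = envelope to write
    openssl smime -sign -md sha256 -in "$1" -signer "$WORK/sender.crt" \
        -inkey "$WORK/sender.key" -out "$WORK/signed.msg"
    openssl smime -encrypt -aes256 -in "$WORK/signed.msg" -out "$2" "$WORK/receiver.crt"
}

# Receiver: decrypt with its private key, then verify the signature against the
# sender's certificate. A wrong key or a changed byte makes openssl exit non-zero.
unprotect() {  # $1 = envelope, $2 = recovered plaintext to write
    openssl smime -decrypt -in "$1" -recip "$WORK/receiver.crt" \
        -inkey "$WORK/receiver.key" -out "$WORK/signed_out.msg"
    openssl smime -verify -in "$WORK/signed_out.msg" -CAfile "$WORK/sender.crt" -out "$2"
}
# Algorithm identifiers actually carried by the envelope: RSA for the key, AES for the data.
envelope_algorithms() {  # $1 = envelope
    openssl smime -pk7out -in "$1" | openssl asn1parse |
        grep -oE ':(rsaEncryption|aes-256-cbc)' | sort -u
}
# Integrity: altering the amount in the decrypted, still-signed message must
# break verification. Returns 0 when the tampering is detected.
tamper_detected() {
    sed 's/500 units/900 units/' "$WORK/signed_out.msg" > "$WORK/tampered.msg"
    if openssl smime -verify -in "$WORK/tampered.msg" -CAfile "$WORK/sender.crt" \
           -out /dev/null 2>/dev/null; then return 1; fi
}
# Full round trip; prints the recovered message (S/MIME canonicalises line
# endings to CRLF, so the CR is dropped for display).
roundtrip() {
    make_identity sender; make_identity receiver
    printf 'transfer 500 units to account 42\n' > "$WORK/msg.txt"  # constructed
    protect "$WORK/msg.txt" "$WORK/envelope.msg"
    unprotect "$WORK/envelope.msg" "$WORK/recovered.txt"
    tr -d '\r' < "$WORK/recovered.txt"
}
```

Run `roundtrip` to see the message survive the trip, `envelope_algorithms "$WORK/envelope.msg"` to see both algorithm identifiers in the PKCS#7 structure, and `tamper_detected` to confirm an altered payload fails verification.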
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]