Hello all,
I'm wanting to use openssl to provide a psk-like authentication and
encryption. While I see that openssl cvs has some TLS-PSK
functionality, this does not seem to exist in any of the released
tarballs. I run gentoo and I don't see any psk related options when I
run openssl s_client --help either. In my quest to develop and
distribute an application that relies on psk-like functionality
without requiring people to build and install cvs revisions of
openssl, I have decided that this functionality isn't a reasonable
route.
So I've tried to think of ways to have a psk-like functionality with
openssl. My project does not require high enough security to need both
client and server to be able to trace certs up the CA chain to a
common root CA, so I am relying on the server side having a self-
created CA that every cert is signed with. From there, here is the
process:
- A server private key and server cert signed with self-created CA
cert are created
- A client private key protected by a passphrase and a client cert
signed with the self-created CA cert are created
- When the client first connects to the server, the client downloads
the client private key and client cert along with the CA cert it was
signed with.
- The client then attempts to create an ssl connection to the server.
The client can only do this if the client public key can be decrypted
with the correct passphrase used when the private key was created.
Both the client and server certs are verified by the self-created CA
cert that both sides now have.
The one weakness in all this is the initial connection where the
client downloads the client key and cert and shared CA cert. If the
server isn't the intended server, the client won't know. I plan on
providing for the user to confirm or reject the server based on
whether the CA cert matches what the user thinks it should (would it
be safe enough to just MD5sum hash the CA cert and present that sum to
the user?). From then on, the client stores the CA cert and if a
subsequent man in the middle attack is attempted, the server cert
won't match the CA cert the client possesses.
Does this design work as I am intending, with only one set of server
and client certs needed per server implementation?
Thanks,
Chase Douglas
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
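The first-connection check described in the post (show the user a hash of the downloaded CA cert, then store it and refuse any later connection whose CA cert differs) as an added example, not code from the post or from OpenSSL. It uses SHA-256 rather than MD5, since MD5 collisions are practical; the CA bytes, the `PinStore` class, the `confirm` callback and the JSON pin file are all assumptions of this example.

```python
import hashlib
import hmac
import json
import os

# Constructed stand-in for the DER bytes of the server's self-created CA cert
# (not a real certificate; a real client would use the bytes it downloaded).
SAMPLE_CA_DER = b"constructed-ca-cert-der-bytes-for-demo"


def fingerprint(der_bytes: bytes) -> str:
    """Colon-separated SHA-256 fingerprint, in the style of `openssl x509 -fingerprint`.
    SHA-256 is used instead of MD5 because MD5 collisions are practical."""
    digest = hashlib.sha256(der_bytes).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


class PinStore:
    """Trust-on-first-use store mapping a server identifier to its CA fingerprint
    (hypothetical helper, not part of OpenSSL)."""

    def __init__(self, path: str):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path) as f:
                self.pins = json.load(f)

    def _save(self) -> None:
        with open(self.path, "w") as f:
            json.dump(self.pins, f)

    def check(self, server_id: str, ca_der: bytes, confirm) -> bool:
        """Return True if the presented CA cert should be trusted for server_id.

        First contact: hand the fingerprint to `confirm(fp)`, a callback that asks
        the user to compare it with the value they obtained out of band, and pin it
        only if the user accepts. Later contacts: accept only an exact match.
        """
        fp = fingerprint(ca_der)
        pinned = self.pins.get(server_id)
        if pinned is None:
            if not confirm(fp):
                return False  # user rejected the fingerprint; nothing is stored
            self.pins[server_id] = fp
            self._save()
            return True
        # Constant-time comparison; a mismatch means a different CA than first seen.
        return hmac.compare_digest(pinned, fp)
```

Once the pin is accepted, the stored CA cert is what the client hands to OpenSSL as its trust anchor, so a later server presenting a cert from a different CA fails verification before any application data is sent.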