Forgot to say: at steps 7 and 8, the agreed-upon encryption algorithm.

On Wed, May 20, 2009 at 3:18 PM, AngelWarrior
<srikanth.bemin...@gmail.com> wrote:

> Thank you for replying.
> I am thinking of this design. Is this feasible? My design approach is mainly
> based on
> "I don't need to know with whom I am contacting but after contact my
> messages should be private."
>
> client(My own application)
> Server (My own application)
>
>
> 1. (client) Create a normal socket and connect to the server.
> 2. (server) After receiving the connection, send Diffie-Hellman parameters.
> 3. (client) Compute my key and pass the params for DH.
> 4. (server) Compute the key number.
> 6. (client) Multiple (n==10) key exchange using DH.
> 5. (server) Multiple (n==10) key exchange using DH.
> 7. (server) Generate the public key and encrypt with the key which we have
> already exchanged.
> 8. (server) Send the key to client and disconnect the normal socket.
> 10. (client) After receiving the key, close the connection.
> 11. (client) Start a normal openssl connection.
>
> With Regards
>
> On Wed, May 20, 2009 at 2:48 PM, Victor Duchovni <
> victor.ducho...@morganstanley.com> wrote:
>
>> On Wed, May 20, 2009 at 02:37:58PM -0500, AngelWarrior wrote:
>>
>> > I need some info. I have a client and server application which requires a
>> > secure medium for the transferring of data between each other. Currently I
>> > am using openssl to achieve this using private and public key certificates
>> > with RSA encryption. I don't want to ship the certificate with each and
>> > every client application.
>> >
>> > So, is there a method where I can transfer an on-the-fly created certificate
>> > from the server to the client securely (like using Diffie-Hellman) and
>> > after exchanging the certificates, I will communicate with the normal
>> > openssl process?
>>
>> Certifications are for *authentication*, which is only possible via:
>>
>>    - Prior bi-lateral exchange of keys (what you are doing now)
>> OR
>>    - Mediated key-exchange via a "trusted" introducer (the public CA
>>      model such as it is today)
>> OR
>>    - Scalable mediated introduction via a trusted online distributed
>>      database, i.e. keys in a secure DNS. This has not happened yet,
>>      and may yet fail to materialize.
>>
>> If you need authentication, pick one of the first two. If you don't,
>> use anonymous ciphers and accept the risk of active man-in-the-middle
>> attacks, with TLS protecting you only against passive eavesdropping.
>>
>> --
>>        Viktor.
>> ______________________________________________________________________
>> OpenSSL Project                                 http://www.openssl.org
>> User Support Mailing List                    openssl-users@openssl.org
>> Automated List Manager                           majord...@openssl.org
>>
>
>
>
> --
> _/\_
> With Regards
> SB Angel Warrior
>
>


-- 
_/\_
With Regards
SB Angel Warrior
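
Added example, not part of the thread or of OpenSSL: a toy model of the unauthenticated exchange in steps 2 to 5, showing that repeating DH ten times still leaves client and server with different keys when an in-path party substitutes the public values, and that the client cannot tell unless the server's value is bound to something exchanged beforehand. Assumptions: the 127-bit group is for illustration only, the function names are hypothetical, and an HMAC under a pre-shared key stands in here for the "prior bi-lateral exchange of keys" option (the thread itself uses certificates).

```python
import hashlib, hmac, secrets

# Toy group for illustration only (127-bit Mersenne prime); far too small for real use.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def tag(psk, pub):
    """Bind a DH public value to a key both ends held before connecting."""
    return hmac.new(psk, pub.to_bytes(16, "big"), hashlib.sha256).digest()

def exchange(rounds=10, relay=False, psk=None):
    """Run `rounds` DH exchanges. With relay=True an in-path party replaces the
    public values in both directions. Returns (client_key, server_key, accepted)."""
    c_keys, s_keys, accepted = [], [], True
    for _ in range(rounds):
        s_priv, s_pub = keypair()
        c_priv, c_pub = keypair()
        s_tag = tag(psk, s_pub) if psk else None   # sent alongside s_pub
        seen_by_client, seen_by_server = s_pub, c_pub
        if relay:
            _, r_pub = keypair()                   # relay has no psk, cannot re-tag
            seen_by_client = seen_by_server = r_pub
        # Authenticated variant: client checks the tag against the value it received.
        if psk and not hmac.compare_digest(s_tag, tag(psk, seen_by_client)):
            accepted = False
        c_keys.append(session_key(c_priv, seen_by_client))
        s_keys.append(session_key(s_priv, seen_by_server))
    combine = lambda ks: hashlib.sha256(b"".join(ks)).digest()
    return combine(c_keys), combine(s_keys), accepted

if __name__ == "__main__":
    c, s, ok = exchange(relay=True)
    print("unauthenticated, relay present: keys match =", c == s, "accepted =", ok)
    c, s, ok = exchange(relay=True, psk=b"constructed-sample-psk")
    print("pre-shared key, relay present: accepted =", ok)
```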
