Ok, well assuming you're talking about C++ which is what I'm using, then to
create an RSA key pair you do:
// alice would do this
RSA *rsa = RSA_generate_key(bits, 65537, NULL, NULL);
// alice can then get the public part of the key and send to bob
const int max_hex_size = (bits / 4) + 1;
long size = max_hex_size;
char keyBufferA[size];
char keyBufferB[size];
bzero(keyBufferA,size);
bzero(keyBufferB,size);
sprintf(keyBufferA,"%s\r\n",BN_bn2hex(rsa->n));
sprintf(keyBufferB,"%s\r\n",BN_bn2hex(rsa->e));
int n = send(sock,keyBufferA,size,0);
char recBuf[2];
n = recv(sock,recBuf,2,0);
n = send(sock,keyBufferB,size,0);
n = recv(sock,recBuf,2,0);
// bob can then receive the public key, so on bob's end:
int max_hex_size = (bits / 4) + 1;
char keybufA[max_hex_size];
bzero(keybufA,max_hex_size);
char keybufB[max_hex_size];
bzero(keybufB,max_hex_size);
int n = recv(sock,keybufA,max_hex_size,0);
n = send(sock,"OK",2,0);
n = recv(sock,keybufB,max_hex_size,0);
n = send(sock,"OK",2,0);
rsa = RSA_new();
BN_hex2bn(&rsa->n, keybufA);
BN_hex2bn(&rsa->e, keybufB);
// bob can then generate symmetric key
unsigned char* key;
int n = RAND_bytes(key, bytes); // if n is 0 then system failed in having
enough entropy to gather a strong key and should be //considered insecure
// bob can then encrypt key with alice's public key, in fact here is a
snippet of a function
// note ivec is an intialisation vector. This is often initialized to 0 (but
doing this is very insecure, but its useful
// to do this for testing purposes)
void
theEncryptor::blowfish(unsigned char *data, int data_len, unsigned char*
key, unsigned char *ivec, int enc)
{
// hash the key first!
unsigned char obuf[20];
bzero(obuf,20);
SHA1((const unsigned char*)key, 64, obuf);
BF_KEY bfkey;
int keySize = 20;//strlen((char*)key);
BF_set_key(&bfkey, keySize, obuf);
//unsigned char ivec[16];
//memset(ivec, 0, 16);
unsigned char* out=(unsigned char*) malloc(data_len);
bzero(out,data_len);
int num = 0;
// enc is whether to encrypt (true) or decrypt (false)
BF_cfb64_encrypt(data, out, data_len, &bfkey, ivec, &num, enc);
memcpy(data, out, data_len);
free(out);
}
// bob is now free to send the ecnrypted key back to alice
Note: you should also look at the open_ssl api. I found this very helpful.
Cheers,
Ben.
On 21 July 2010 15:41, Harshvir Sidhu <hvssi...@gmail.com> wrote:
> Ben:
> Yes thats what i need to do. If you can provide some example, that will
> be great.
>
> Thanks.
>
> // Harshvir
>
>
> On Wed, Jul 21, 2010 at 9:17 AM, Ben Jones <b...@bhjones.com> wrote:
>
>> Well I implemented something very similar recently but using tcp rather
>> than udp. In my case, alice creates a public-private key pair and sends
>> public key to bob. Bob then encrypts randomly generated symmetric key (.e.g
>> blowish, dsa or aes etc.) with public key and sends the result to alice.
>> Alice then decrypts with her private key. Both alice and bob have knowledge
>> of symmetric key which can then be used for secure communication.
>>
>> A clear problem with this is a man-in-the-middle attack. There are
>> functions built into the open ssl framework that allows you do create such
>> keys manually. If that's what you need to do, I can give a more concrete (
>> albeit probably naive) example...
>>
>> Cheers,
>> Ben.
>>
>>
>> On 21 July 2010 15:02, Harshvir Sidhu <hvssi...@gmail.com> wrote:
>>
>>> Hi All,
>>> I am trying to use encryption over Client/Server machines. My
>>> requirement is that i have to use winsock UDP functions to send and receive
>>> data. Is there some mechanism to perform key and cipher exchange in this
>>> case, like normally SSL_Connect will do this, but in my case i cannot use
>>> that. Is there some suggestion for this?
>>>
>>> // Harshvir
>>>
>>>
>>
>>
>>
>>
>>
>
