Thanks for the reply Dave. I am grateful for your advice. I am a novice as you have probably gathered If I am not wrong in my judgement you seem to have some expertise on cryptology. I have stated SSL in my first post that I would like help with as you know. But with your expertise is there a better solution to use except SSL in terms of security using openssl? I will be thankful for any feedback received. :) :)
greenelephant wrote: > > Hello > > I have a computer with Ubuntu OS and an Apache HTTP server. I am trying > to create a SSL certificate using RSA public and private keys. > > However it has come to my attention that at this present moment there are > sophisticated methods such as man in middle attack, Side channel attack, > and Branch prediction analysis attacks. > > http://en.wikipedia.org/wiki/Man-in-the-middle_attack > http://en.wikipedia.org/wiki/Side_channel_attack > http://en.wikipedia.org/wiki/Branch_prediction > > This is of a concern to me especially the side channel attack as it can > analyse one's CPU variants to predict one's secret key. I am aware of the > ongoing battle between hackers/attackers and the institutions which > provide and create integrity modules/programs such as RSA/SSL etc. I also > know that using high numbered bits (1024 bit encryption) and above lessens > the chance of an attacker breaching your system using this method. This > may be obsolete now with the introduction of attacks listed above such as > Side-Channel Attack but RSA keys can be renewed and regenerated > > However what also has come to my attention is methods created and > introduced by RSA to combat these threats such as 'padding' used by sub > programs created by RSA such as OAEP and PKCS. > > So here is my question. I have an APACHE web server which I would like to > host a HTTPS/SSL page. I would like to be able through OPENSSL to create a > certificate and key(s) which use either PKCS or OAEP methods to 'pad' the > encrypted connections between my computer and my clients. How would I be > able to go about this? > > Thank you in advance for any feedback > -- View this message in context: http://old.nabble.com/Using-PCKS-Padding-in-OpenSSL-tp31728673p31776238.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
