Hi,

In addition to the online material, are there any good books which we can
refer to in order to understand OpenSSL better, both conceptually as well as
from the API/code perspective?
We hear of "Network Security with OpenSSL" by John Viega as one good
reference, but it was published in 2002. Any good new books which can be
used?

Regds,
Ashok

On Sat, Jan 7, 2012 at 11:44 PM, Ben Laurie <b...@links.org> wrote:

> On Sat, Jan 7, 2012 at 4:12 PM, Manish Jain <invalid.poin...@gmail.com>
> wrote:
> >
> > Hello Michael/Anyone Else,
> >
> > Can you be kind enough to please point me to some place/URL where I can
> > get a bit more information about how the key is negotiated upon?
> >
> > I have gone through a couple of write-ups on OpenSSL which throw light
> > upon everything else except for this vital piece of information.
>
> http://en.wikipedia.org/wiki/Transport_Layer_Security
>
> >
> >
> > Thanks & Regards
> > Manish Jain
> >
> >
> >
> > On 07-Jan-12 19:23, Michael S. Zick wrote:
> >>
> >> On Sat January 7 2012, Manish Jain wrote:
> >>>
> >>>
> >>> Hi,
> >>>
> >>> I am new to OpenSSL and am trying to prepare some illustrative
> >>> documentation on how it works.
> >>>
> >>> AFAIK, OpenSSL uses the concept of a pair of keys per host: one is a
> >>> private key which is never communicated to any other host, and the
> >>> other is a public key which is transmitted to the peer (the other
> >>> party). The client uses the public key of the server (contained in the
> >>> server's certificate) to encrypt its communication, which can only be
> >>> decrypted with the server's private key. Please correct me if I am wrong.
> >>>
> >>
> >> That is the essence of what happens and by that the client knows
> >> that it is communicating with the server it intended to reach
> >> (authentication).
> >>
> >>> Now the question is: when the server sends data to the client, what
> >>> key does it use for encryption?
> >>>
> >>
> >> The general answer is: The client and server establish a shared key
> >> for that purpose early in the protocol.
> >>
> >>> Does the client communicate its public key
> >>> to the server (at some initial stage) which the server uses for
> >>> encryption?
> >>>
> >>
> >> If the communications set up between the two requires client
> >> authentication.
> >> In many cases the client remains a stranger to the server
> >> (un-authenticated).
> >>
> >>> If yes, what if the client does not have a pair of
> >>> public/private keys?
> >>>
> >>
> >> The usual case for public web browsing using https and some other
> >> protocols.
> >> The client remains a stranger to the server.
> >>
> >>> The question arises because it does not seem logical that the server
> >>> would use its private key for encrypting data to be sent to the client.
> >>> Else, snoopers who might have picked up the public key could decrypt the
> >>> data too.
> >>>
> >>
> >> There is an early stage in nearly all protocols, called: key agreement
> >> where the client and server agree on a key without exchanging any of
> >> the 'private' information that it is based on.
> >>
> >>> Any help on clearing up the above points would be greatly appreciated.
> >>>
> >>
> >> My comments above are at a very general level.
> >> If the process was as simple as my answers, OpenSSL would not be as
> >> large a body of code as it is.  ;-)
> >>
> >> Mike
> >>>
> >>>
> >>> Thank you &
> >>> Regards
> >>>
> >>> Manish Jain
> >>> invalid.poin...@gmail.com
> >>>
> >>> ______________________________________________________________________
> >>> OpenSSL Project                                 http://www.openssl.org
> >>> User Support Mailing List                    openssl-users@openssl.org
> >>> Automated List Manager                           majord...@openssl.org
> >>>
> >>>
> >>
> >>
>
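The key-agreement step Mike describes, as an added worked example that is not part of this thread or of OpenSSL's own code: finite-field Diffie-Hellman over the RFC 2409 1024-bit MODP group (chosen for brevity), where each side keeps its private exponent and only the public values travel on the wire, and the snooper's view is returned next to the derived keys. Authentication of the server's public value with its certificate key, the step that makes this TLS rather than bare DH, is left out; the transcript binding and the degenerate-value check are the two details a reviewer would look for in any implementation.

```python
import hashlib
import hmac
import secrets

# Finite-field Diffie-Hellman parameters: the 1024-bit MODP prime from
# RFC 2409 (Oakley group 2) with generator 2. Used here for illustration;
# current deployments use larger groups or elliptic-curve groups.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
    16,
)
G = 2
NBYTES = 128  # byte length of P


class Party:
    """One side of the key agreement; the private exponent never leaves this object."""

    def __init__(self):
        self._priv = secrets.randbelow(P - 3) + 2  # 2 <= priv <= P-2, never sent
        self.pub = pow(G, self._priv, P)           # the only value put on the wire

    def derive_session_key(self, peer_pub, transcript):
        # Refuse degenerate public values (0, 1, P-1) that would pin the shared secret.
        if not 1 < peer_pub < P - 1:
            raise ValueError("invalid peer public value")
        shared = pow(peer_pub, self._priv, P)
        # Extract-then-expand (HKDF style) over the shared secret, keyed with a hash
        # of the transcript so both sides must have seen the same handshake messages.
        prk = hmac.new(transcript, shared.to_bytes(NBYTES, "big"), hashlib.sha256).digest()
        return hmac.new(prk, b"session key\x01", hashlib.sha256).digest()


def handshake():
    """Run one client/server key agreement; return both keys and the snooper's view."""
    client, server = Party(), Party()
    # A passive observer sees exactly this: the group parameters and both public values.
    on_the_wire = (P.to_bytes(NBYTES, "big") + bytes([G])
                   + client.pub.to_bytes(NBYTES, "big") + server.pub.to_bytes(NBYTES, "big"))
    transcript = hashlib.sha256(on_the_wire).digest()
    k_client = client.derive_session_key(server.pub, transcript)
    k_server = server.derive_session_key(client.pub, transcript)
    return k_client, k_server, on_the_wire
```

Calling handshake() returns two equal 32-byte session keys plus the bytes a snooper would have captured, from which neither private exponent can be read.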
