PKI and sockets

2002-04-09 Thread Mark W. Webb

I am working on an application that will implement PKI between a server 
and a client.  Can someone tell me where I might get some sample code 
(C) or a tutorial on how to do it.  

I have looked at Eric Rescorla's but I am not sure how to create my own 
certificates to get that tutorial to work, I can use the sample 
certificates he provides, but that would not be good for production. 
 Plus I would rather use PKI than certificates.

Any help would be great.
Thank you.

Mark Webb

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



Re: PKI and sockets

2002-04-09 Thread David Maurus

Mark W. Webb wrote:

> I am working on an application that will implement PKI between a server
> and a client.

That sentence is somewhat wrong: between clients and servers (i.e. 2
computers) you will need to use a protocol they adhere to when speaking to
each other. PKI (Public Key Infrastructure) is not a protocol. I assume you
want to secure the communication between the server and the client. SSL is
a protocol that can achieve that, and incidentally OpenSSL provides the
necessary functionality.


> Can someone tell me where I might get some sample code
> (C) or a tutorial on how to do it.

If you download and unpack the source code of OpenSSL, there is plenty of
sample source. You can find the latest version of the OpenSSL source code
at http://www.openssl.org/ . There is however not much documentation for
programmers besides the source code itself.

> I have looked at Eric Rescorla's but I am not sure how to create my own
> certificates to get that tutorial to work,

Rescorla's book is excellent, you should read it some more.

You can get free trial certificates from VeriSign, however they are only
valid for some days.
http://www.verisign.com/freeGuides.html

Alternatively, you can generate your own certificates with openssl, if you
download the source code and compile it. You can use the openssl program
via the command line to do so, documentation can be found at
http://www.openssl.org/docs/apps/openssl.html
Look for the subcommands
genrsa (to generate an RSA public/private keypair)
req (to generate a certificate request)
x509 (to create a certificate)

> I can use the sample
> certificates he provides, but that would not be good for production.

This is correct - using sample certificates in a production environment
would be dangerous if they come with a known private key, and useless if
they don't.

> Plus I would rather use PKI than certificates.

As mentioned above, this is not an either/or choice. PKI relies on
certificates. Sorry ;-).

- David
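
The genrsa, req and x509 subcommands named in the reply above, chained into a small private test CA that signs one server certificate. This is an added example, not part of the original thread or of the OpenSSL documentation; the config file, file names, "Example Test CA" and server.example.test are constructed for illustration.

```shell
# Added example: throwaway test CA and server certificate (all names constructed).
make_test_pki() (
    umask 077                       # private keys must not be readable by other users
    mkdir -p "$1" && cd "$1" || exit 1
    # Minimal config so the result does not depend on the system openssl.cnf.
    cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:server.example.test
EOF
    # genrsa: key pair for the CA. ca.key is the secret the whole PKI rests on.
    openssl genrsa -out ca.key 2048 2>/dev/null || exit 1
    # req -x509: self-signed CA certificate, short-lived because this is a test CA.
    openssl req -new -x509 -config pki.cnf -key ca.key -sha256 -days 30 \
        -out ca.crt || exit 1
    # genrsa + req: the server makes its own key and a certificate request (CSR).
    openssl genrsa -out server.key 2048 2>/dev/null || exit 1
    openssl req -new -config pki.cnf -key server.key \
        -subj "/CN=server.example.test" -out server.csr || exit 1
    # x509 -req: the CA signs the CSR; v3_leaf marks the result as a non-CA
    # server certificate so it cannot be used to issue further certificates.
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -sha256 -days 30 -extfile pki.cnf -extensions v3_leaf \
        -out server.crt 2>/dev/null || exit 1
)

# What a client does with ca.crt: accept server.crt only if this CA signed it.
verify_server_cert() {
    openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1
}

# Usage: make_test_pki ./testpki && verify_server_cert ./testpki && echo verified
```

Only ca.crt is distributed to clients; ca.key and server.key stay on the machines that generated them.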
