No feedback with EVP_aes_256_xxx() functions
dear list,

i'm trying to develop a stable aes 256 bit cipher code with the EVP routines. everything works fine, but i don't seem to get feedback when using EVP_aes_256_cbc/cfb/ofb() modes, although i use an IV of 32 bytes. the order of my function calls is as follows:

EVP_CIPHER_CTX_init();
EVP_EncryptInit_ex();
EVP_EncryptUpdate();
EVP_EncryptFinal_ex();

the same applies for the decryption routine with the corresponding functions. when the plaintext repeats the ciphertext does too, which really shouldn't be the case with feedback mode. any ideas?

thanks a lot
best regards

__
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
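An added illustration of the CBC property behind the symptom described in the message above (not from the thread, and not OpenSSL code): chaining makes identical blocks inside one message encrypt differently, while a second encryption under the same key and IV reproduces the same ciphertext. The block cipher is a toy SHA-256 Feistel stand-in for AES, and every name and sample value here is an assumption constructed for the example.

```python
import hashlib
import os

BLOCK = 16  # AES block size in bytes; a CBC IV is exactly one block

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):
    # Feistel round function: keyed hash truncated to half a block.
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]

def toy_encrypt_block(key, block):
    # Stand-in for the AES block operation (assumption, NOT secure).
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, _xor(left, _f(key, i, right))
    return left + right

def toy_decrypt_block(key, block):
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = _xor(right, _f(key, i, left)), left
    return left + right

def cbc_encrypt(key, iv, plaintext):
    if len(iv) != BLOCK or len(plaintext) % BLOCK:
        raise ValueError("IV must be one block; plaintext block-aligned")
    prev, out = iv, []
    for off in range(0, len(plaintext), BLOCK):
        # Feedback: each block is XORed with the previous ciphertext block.
        prev = toy_encrypt_block(key, _xor(plaintext[off:off + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ciphertext):
    prev, out = iv, []
    for off in range(0, len(ciphertext), BLOCK):
        blk = ciphertext[off:off + BLOCK]
        out.append(_xor(toy_decrypt_block(key, blk), prev))
        prev = blk
    return b"".join(out)

def demo():
    key = bytes(range(32))   # constructed 256-bit key
    msg = b"A" * 48          # constructed: three identical plaintext blocks
    iv = bytes(BLOCK)        # fixed IV, reused for c1 and c2
    c1, c2 = cbc_encrypt(key, iv, msg), cbc_encrypt(key, iv, msg)
    c3 = cbc_encrypt(key, os.urandom(BLOCK), msg)  # fresh random IV
    return {"chained_blocks_differ": len({c1[i:i + BLOCK] for i in range(0, 48, BLOCK)}) == 3,
            "same_iv_repeats": c1 == c2, "fresh_iv_differs": c1 != c3,
            "roundtrip": cbc_decrypt(key, iv, c1) == msg}
```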
Re: Avoiding Certificates for Server/Client approach
> The anonymous DH ciphersuites (disabled by default) can perform SSL/TLS without using certificates. To use these you need to set appropriate DH parameters on the server side and enable the ciphersuites using an appropriate cipher string.
>
> However without some form of authentication the connection is vulnerable to man in the middle attacks.
>
> Steve.

Well, currently i am using certificates that have not been signed by anyone, so they could be generated by anybody. Wouldn't that make them senseless?

The certificates i am using for client and server side are generated by openssl(1) and simply exchanged when the client and server handshake. Because neither of the two is signed by a CA, it would enable everybody to create a certificate and masquerade as my server (or client), no?

best regards
threadhead
Re: Avoiding Certificates for Server/Client approach
> Yes if you are trusting any certificate then you might as well use anon DH.
>
> Normally, for certificates, this is resolved by using a mutually acceptable certificate or CA certificate which has been exchanged by some secure means.
>
> Steve.

First of all thanks for your suggestions, i'll keep them in mind.

How would i then use the anonymous DH public key algorithm? (May it either be on the fly or from a file containing the public values.) Are there any functions for that in the openssl library that i can use?

best regards
threadhead
Avoiding Certificates for Server/Client approach
Hello list,

i am currently trying to get rid of all the certificate stuff that i've often seen before in many applications using the openssl library. basically my server/client model should only handshake without certificate exchange. the cipher is chosen by the client. after that the two programs are supposed to transfer encrypted data with SSL_read and SSL_write.

now, is it possible to avoid building/exchanging/verifying certificates on the client AND server side but still have the data channel encrypted with the cipher picked by the client?

thanks for your time
best regards
threadhead
Re: Avoiding Certificates for Server/Client approach
I know about DH key exchange and its use in the openssl library. But how would i use the private session keys from DH to encrypt and decrypt the data flowing from peer to peer with high-level hooks like SSL_read and SSL_write? Or is it required to use completely different functions like the EVP_* family to set up the cipher routines?

best regards
threadhead

> Try using Diffie-Hellman to derive the private key by exchanging public keys. Encrypt/Decrypt with the derived private key at the respective ends.