"Mark W. Webb" wrote:

> I am working on an application that will implement PKI between a server
> and a client.

That sentence is somewhat wrong: between clients and servers (i.e. 2 computers) you will need to use a protocol they adhere to when speaking to each other. PKI (Public Key Infrastructure) is not a protocol. I assume you want to secure the communication between the server and the client. SSL is a protocol that can achieve that, and incidentally OpenSSL provides the necessary functionality.

> Can someone tell me where I might get some sample code
> (C) or a tutorial on how to do it.

If you download and unpack the source code of OpenSSL, there is plenty of sample source. You can find the latest version of the OpenSSL source code at http://www.openssl.org/ . There is however not much documentation for programmers besides the source code itself.

> I have looked at Eric Rescorla's but I am not sure how to create my own
> certificates to get that tutorial work,

Rescorla's book is excellent, you should read it some more. You can get free trial certificates from VeriSign, however they are only valid for some days.

http://www.verisign.com/freeGuides.html

Alternatively, you can generate your own certificates with openssl, if you download the source code and compile it. You can use the openssl program via the command line to do so; documentation can be found at

http://www.openssl.org/docs/apps/openssl.html

Look for the subcommands

  genrsa (to generate an RSA public/private keypair)
  req (to generate a certificate request)
  x509 (to create a certificate)

> I can use the sample
> certificates he provides, but that would not be good for production.

This is correct - using sample certificates in a production environment would be dangerous if they come with a known private key, and useless if they don't.

> Plus I would rather use PKI than certificates.

As mentioned above, this is not an either/or choice. PKI relies on certificates. Sorry ;-).

- David
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
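
The genrsa, req and x509 steps named in the reply above, put together as an added example (not part of the original message and not OpenSSL's own sample code): it builds a throwaway test CA and one server certificate, then checks that the certificate chains to the CA and matches its private key. The function names, file names, subject names, 2048-bit key size and 30-day lifetime are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: a throwaway test CA plus one server certificate, built with
# the genrsa, req and x509 subcommands. All names below are constructed.
# Usage: d=$(mktemp -d) && make_test_pki "$d" && check_test_pki "$d" && echo OK

# make_test_pki DIR: create ca.key/ca.crt and server.key/server.crt in DIR.
# Keys are written without a passphrase, so file permissions are the only
# protection; a key generated this way must never be shared or published.
make_test_pki() {
    dir=$1
    (
        umask 077                      # private keys readable by owner only
        cd "$dir" || exit 1
        # 1. genrsa: RSA key pairs for the CA and for the server
        openssl genrsa -out ca.key 2048 2>/dev/null || exit 1
        openssl genrsa -out server.key 2048 2>/dev/null || exit 1
        # 2. req -x509: self-signed certificate for the test CA
        openssl req -new -x509 -key ca.key -days 30 \
            -subj "/CN=Example Test CA" -out ca.crt || exit 1
        # 3. req: certificate request for the server key
        openssl req -new -key server.key \
            -subj "/CN=server.example.test" -out server.csr || exit 1
        # 4. x509 -req: the CA signs the request and issues the certificate
        openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -days 30 -out server.crt 2>/dev/null || exit 1
    )
}

# check_test_pki DIR: succeed only if server.crt chains to ca.crt and
# carries the public key that belongs to server.key.
check_test_pki() {
    dir=$1
    openssl verify -CAfile "$dir/ca.crt" "$dir/server.crt" \
        >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$dir/server.crt" -noout -pubkey) || return 1
    key_pub=$(openssl rsa -in "$dir/server.key" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}
```

The client only needs ca.crt to verify the server; ca.key and server.key stay on the machines that own them.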