I have been able to successfully implement the following sequence of events
when:
a) Both the Client and the Server are using the MS Crypto API.
b) Both the Client and the Server are using OpenSLL.
On the Client:
1) Generate a Public/Private Key Pair.
2) Export the Public Key.
3) Transmit the Public Key to the Server.
On the Server:
1) Import the Public Key
2) Generate a Session Key for Triple DES Encryption.
3) Export the Session Key using the Public Key for Session Key Encryption.
4) Transmit the Encrypted Session Key to the Client.
On the Client:
1) Import the Encrypted Session Key using the Private Key for Session Key
Decryption.
Now that both sides have the Session Key, begin using it for Triple DES
message encryption/decryption.
The problem: I have not been able to process with the MS Crypto API on the
Client and OpenSSL on the Server.
I am accepting a Crypto API Public Key BLOB in the OpenSSL Server Code and
trying to generate (on the Server) a Crypto API Simple Key BLOB (containing
the Session Key) for the Client to import the encrypted Session Key.
Has anyone been able to get something like this to work?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
