Manuel Sahm wrote:
Hello,
thank you for your reply :-) How could I realize your mentioned option with openssl (functions): public keys (asymmetric keys) without certificates
(In this situation neither A and B need to know about a previous secret.)
Thank you so much

>>> Sergio <[EMAIL PROTECTED]> 04.09.2008 00:04 >>>
Manuel Sahm wrote:
> Hello,
> thanks for reply,...
>
> Maybe you could help me.
>
> Is it possible to use a password instead of a Certification file and a
> Certification Key File to make the tcp connection secure via openssl ?
>
> Thank you
>
> >>> Sergio <[EMAIL PROTECTED]> 03.09.2008 16:44 >>>
> Manuel Sahm wrote:
> > Hello,
> >
> > I want to make my network connection encrypted/secure using ssh.
> >
> > At the moment I open a socket in my embedded device, so that a client
> > (PC) is able to connect to it:
> >
> > //initialization of the socket
> > handle = socket(AF_INET, SOCK_STREAM, 0);
> > serv_addr.sin_family = AF_INET;
> > serv_addr.sin_addr.s_addr = htonl(INADDR_ANY);
> > serv_addr.sin_port = htons(10001);
> >
> > bind(handle, (struct sockaddr *)&serv_addr, sizeof(serv_addr));
> > listen(handle, 0);
> >
> > In my communication thread I have the functions
> > - accept
> > - read
> > - write
> > - close
> >
> > How is it possible to make my network secure via ssl and the sockets
> > used in the sample code...
> >
> > Thank you very very much
> >
> > Manuel Sahm
> Hi,
>
> I have never used the SSL API directly, only the command line, but I suppose you
> want to encrypt the communication under your TCP socket. You need to
> establish a TLS session and I think your question is too ambiguous,
> because I suspect you need to use many functions and data structures
> from the SSL implementation. What you want is to establish a complete SSL
> environment, and my only advice (a recommendation from a newbie) is to
> read and study the SSL API docs to see your needs more clearly.
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]
>
I think you have a conflict in your ideas. A and B want to secure their
communication. They need to agree on which key to use. I suppose
you can encrypt the information at the origin using a symmetric key
(aes, des, idea etc) and decrypt it at the destination with the same key. A
and B must know the key. But I also suppose you can establish an SSL
connection to perform a key exchange (key negotiation) using
certificates or public keys (asymmetric keys) without certificates. In
this situation neither A nor B needs to know about a previous secret.
This is the normal situation in a client-server environment.
If your socket is a TCP socket I think it is better for you to establish an
SSL session rather than using a symmetric key. I think symmetric keys are
more suitable for UDP, but I'm not an expert and I don't guarantee anything.
______________________________________________________________________
As David said, I expressed myself badly; I wanted to say "A and B do not need
to know any previous SHARED secret".
As Ger said, if you use public keys without certification, for example a
server with a public key, you will never be 100% sure that the server is
reliable, because it is not certified by anybody. It won't be
authenticated. But I think it is a better way to begin. For example, SSH
works this way: the first time you connect to your router (for
example) using SSH you need to establish the confidence (yes or no) in
the router's public key. About how asymmetric cryptography works, I think
you can read a lot of documentation on the Internet, for example:
http://en.wikipedia.org/wiki/Public-key_cryptography
but I can't help you any more with the SSL API. To do this I recommend you
look at some code from other projects which use openssl. For example,
you can have a look at the Apache Web server code and see how it establishes
a TLS session :)
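
The SSH-style first-connection trust decision described in the message above, as an added example that is not part of the original thread and is not OpenSSL code. All names (`tofu_check`, `tofu_pin`, `pin_store`) are hypothetical, and the fingerprint is assumed to be a SHA-256 digest of the peer's public key computed elsewhere (for instance with OpenSSL after the handshake):

```c
/* Added example: trust-on-first-use (TOFU) pinning of a peer public key.
 * Hypothetical names; fingerprints are assumed to be SHA-256 digests of
 * the peer's public key, computed elsewhere. */
#include <stddef.h>
#include <string.h>

#define FP_LEN   32   /* SHA-256 digest size in bytes */
#define HOST_LEN 64
#define MAX_PINS 8

enum tofu_result { TOFU_MATCH, TOFU_FIRST_SEEN, TOFU_MISMATCH, TOFU_STORE_ERROR };

struct pin { char host[HOST_LEN]; unsigned char fp[FP_LEN]; };
struct pin_store { struct pin pins[MAX_PINS]; size_t count; };

/* Compare the key fingerprint a peer presented with what is pinned for it.
 * TOFU_FIRST_SEEN: nothing pinned yet, the caller must ask the user
 *                  (the ssh "yes or no" prompt) before trusting the key.
 * TOFU_MISMATCH:   the key changed since it was accepted; the caller
 *                  must drop the connection, not silently re-pin. */
enum tofu_result tofu_check(const struct pin_store *s, const char *host,
                            const unsigned char fp[FP_LEN])
{
    for (size_t i = 0; i < s->count; i++) {
        if (strcmp(s->pins[i].host, host) == 0)
            return memcmp(s->pins[i].fp, fp, FP_LEN) == 0
                       ? TOFU_MATCH : TOFU_MISMATCH;
    }
    return TOFU_FIRST_SEEN;
}

/* Record a key the user explicitly accepted. An existing pin is never
 * overwritten: a changed key still reports TOFU_MISMATCH.
 * Returns TOFU_MATCH once the key is pinned. */
enum tofu_result tofu_pin(struct pin_store *s, const char *host,
                          const unsigned char fp[FP_LEN])
{
    enum tofu_result r = tofu_check(s, host, fp);
    if (r != TOFU_FIRST_SEEN)
        return r;
    if (s->count == MAX_PINS || strlen(host) >= HOST_LEN)
        return TOFU_STORE_ERROR;
    strcpy(s->pins[s->count].host, host);
    memcpy(s->pins[s->count].fp, fp, FP_LEN);
    s->count++;
    return TOFU_MATCH;
}
```

A real client would persist the store between runs, as ssh does with its known_hosts file; without that, every connection is a first contact and nothing is authenticated.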

