On Wed, May 20, 2009 at 02:37:58PM -0500, AngelWarrior wrote:

> I need some info. I have a client and server application which requires a
> secure medium for the transferring of data between each other. Currently I
> am using openssl to achieve this using private and public key certificates
> with RSA encryption. I don't want to ship the certificate with each and
> every client application.
> 
> So, is there a method where I can transfer an on-the-fly created certificate
> from the server to the client securely (like using Diffie-Hellman) and,
> after exchanging the certificates, I will communicate with the normal
> openssl process.

Certificates are for *authentication*, which is only possible via:

    - Prior bi-lateral exchange of keys (what you are doing now)
OR
    - Mediated key-exchange via a "trusted" introducer (the public CA
      model such as it is today)
OR
    - Scalable mediated introduction via a trusted online distributed
      database, i.e. keys in a secure DNS. This has not happened yet,
      and may yet fail to materialize.

If you need authentication, pick one of the first two. If you don't,
use anonymous ciphers and accept the risk of active man-in-the-middle
attacks, with TLS protecting you only against passive eavesdropping.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
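The point in the reply above (a key exchange without prior key material or a trusted introducer gives you secrecy against a passive eavesdropper but nothing against an active in-path party) can be shown with a small simulation. This is an added example, not code from the thread or from OpenSSL: it runs a Diffie-Hellman exchange between a client and a server, optionally authenticating the public values with an HMAC under a pre-shared key (standing in for the "prior bi-lateral exchange of keys" option; a certificate signature plays the same role in TLS), and optionally puts a simulated active attacker in the path. The group parameters are the 1024-bit MODP prime from RFC 2409 with generator 2, used here only because the arithmetic is short to write down; `run_exchange`, `session_key` and `auth_tag` are names chosen for this example.

```python
import hashlib
import hmac
import secrets

# 1024-bit MODP prime (RFC 2409, Second Oakley Group), generator 2.
# Fine for an illustration; real deployments use a larger group or ECDH.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
    16,
)
G = 2
PUB_LEN = (P.bit_length() + 7) // 8


def dh_keypair():
    """Return (private exponent x, public value g^x mod p)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def session_key(priv, peer_pub):
    """Derive a 256-bit session key from the DH shared secret."""
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(PUB_LEN, "big")).digest()


def auth_tag(psk, pub):
    """MAC over a public value under the pre-shared key. This is the
    'authentication' ingredient: without psk (or a certificate), nobody
    can vouch that a public value really came from the claimed peer."""
    return hmac.new(psk, pub.to_bytes(PUB_LEN, "big"), hashlib.sha256).digest()


def run_exchange(psk=None, active_attacker=False):
    """Simulate one client/server DH exchange and report the outcome.

    psk             -- pre-shared authentication key; None means an
                       anonymous (unauthenticated) exchange
    active_attacker -- a simulated in-path party replaces both public
                       values with its own (the risk named in the reply)
    """
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    c_tag = auth_tag(psk, c_pub) if psk else None
    s_tag = auth_tag(psk, s_pub) if psk else None

    if active_attacker:
        m_priv, m_pub = dh_keypair()
        # The attacker substitutes its own public value in both directions.
        # It cannot recompute the tags without psk, so the originals are relayed.
        pub_seen_by_server, pub_seen_by_client = m_pub, m_pub
    else:
        pub_seen_by_server, pub_seen_by_client = c_pub, s_pub

    if psk is not None:
        # Each side checks the tag on the value it actually received.
        server_ok = hmac.compare_digest(auth_tag(psk, pub_seen_by_server), c_tag)
        client_ok = hmac.compare_digest(auth_tag(psk, pub_seen_by_client), s_tag)
        if not (server_ok and client_ok):
            return {"authenticated": True, "aborted": True,
                    "keys_match": False, "attacker_holds_key": False}

    k_client = session_key(c_priv, pub_seen_by_client)
    k_server = session_key(s_priv, pub_seen_by_server)
    attacker_holds_key = False
    if active_attacker:
        # With no authentication the attacker now shares one key with each
        # victim and can decrypt, read and re-encrypt everything in between.
        attacker_holds_key = (session_key(m_priv, c_pub) == k_client
                              and session_key(m_priv, s_pub) == k_server)
    return {"authenticated": psk is not None, "aborted": False,
            "keys_match": k_client == k_server,
            "attacker_holds_key": attacker_holds_key}


if __name__ == "__main__":
    psk = secrets.token_bytes(32)  # the 'prior bi-lateral exchange of keys'
    for label, kwargs in [
        ("anonymous, passive eavesdropper", {}),
        ("anonymous, active attacker", {"active_attacker": True}),
        ("authenticated, passive eavesdropper", {"psk": psk}),
        ("authenticated, active attacker", {"psk": psk, "active_attacker": True}),
    ]:
        print(f"{label:38s} {run_exchange(**kwargs)}")
```

The four runs show the reply's argument directly: the anonymous exchange "works" from both endpoints' point of view even when an attacker is in the path (both sides get a key and see no error), which is exactly why it only defends against passive eavesdropping; the authenticated variant aborts instead, because the substituted values fail their tags. In TLS, the certificate and its signature over the handshake do what the pre-shared-key tag does here, and the "trusted introducer" option simply moves the prior key exchange up one level to a CA whose key the client already holds.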
