On 24-08-2010 15:14, Harshvir Sidhu wrote:
Ben, theEncryptor::blowfish(unsigned char *data, int data_len, unsigned char* key, unsigned char *ivec, int enc) In this function you are passing key argument as char *, i am not able to find alice's public key in char* format, we received that in 2 buffers and we put that in RSA struct. Which one should i use to pass in here. Thanks. // Harshvir
key here is the random key generated by Bob with the call to ok = RAND_bytes(key, 64); Bob has this key because he just made it. Alice can get the key if Bob encrypts "key" with Alice's public key (received earlier) and sends the encrypted key to Alice, who can decrypt it with her private key. By the way, I don't know why this code hashes a 64 byte random key down to a 20 byte (160 bit) symmetric key, rather than just exchanging a 20 byte symmetric key initially (I can think of both good and bad reasons for this).
On Wed, Jul 21, 2010 at 10:07 AM, Ben Jones <b...@bhjones.com <mailto:b...@bhjones.com>> wrote: Ok, well assuming you're talking about C++ which is what I'm using, then to create an RSA key pair you do: // alice would do this RSA *rsa = RSA_generate_key(bits, 65537, NULL, NULL); // alice can then get the public part of the key and send to bob const int max_hex_size = (bits / 4) + 1; long size = max_hex_size; char keyBufferA[size]; char keyBufferB[size]; bzero(keyBufferA,size); bzero(keyBufferB,size); sprintf(keyBufferA,"%s\r\n",BN_bn2hex(rsa->n)); sprintf(keyBufferB,"%s\r\n",BN_bn2hex(rsa->e)); int n = send(sock,keyBufferA,size,0); char recBuf[2]; n = recv(sock,recBuf,2,0); n = send(sock,keyBufferB,size,0); n = recv(sock,recBuf,2,0); // bob can then receive the public key, so on bob's end: int max_hex_size = (bits / 4) + 1; char keybufA[max_hex_size]; bzero(keybufA,max_hex_size); char keybufB[max_hex_size]; bzero(keybufB,max_hex_size); int n = recv(sock,keybufA,max_hex_size,0); n = send(sock,"OK",2,0); n = recv(sock,keybufB,max_hex_size,0); n = send(sock,"OK",2,0); rsa = RSA_new(); BN_hex2bn(&rsa->n, keybufA); BN_hex2bn(&rsa->e, keybufB); // bob can then generate symmetric key unsigned char* key; int n = RAND_bytes(key, bytes); // if n is 0 then system failed in having enough entropy to gather a strong key and should be //considered insecure // bob can then encrypt key with alice's public key, in fact here is a snippet of a function // note ivec is an intialisation vector. This is often initialized to 0 (but doing this is very insecure, but its useful // to do this for testing purposes) void theEncryptor::blowfish(unsigned char *data, int data_len, unsigned char* key, unsigned char *ivec, int enc) { // hash the key first! unsigned char obuf[20]; bzero(obuf,20); SHA1((const unsigned char*)key, 64, obuf); BF_KEY bfkey; int keySize = 20;//strlen((char*)key); BF_set_key(&bfkey, keySize, obuf); //unsigned char ivec[16]; //memset(ivec, 0, 16); unsigned char* out=(unsigned char*) malloc(data_len); bzero(out,data_len); int num = 0; // enc is whether to encrypt (true) or decrypt (false) BF_cfb64_encrypt(data, out, data_len, &bfkey, ivec, &num, enc); memcpy(data, out, data_len); free(out); } // bob is now free to send the ecnrypted key back to alice Note: you should also look at the open_ssl api. I found this very helpful. Cheers, Ben. On 21 July 2010 15:41, Harshvir Sidhu <hvssi...@gmail.com <mailto:hvssi...@gmail.com>> wrote: Ben: Yes thats what i need to do. If you can provide some example, that will be great. Thanks. // Harshvir On Wed, Jul 21, 2010 at 9:17 AM, Ben Jones <b...@bhjones.com <mailto:b...@bhjones.com>> wrote: Well I implemented something very similar recently but using tcp rather than udp. In my case, alice creates a public-private key pair and sends public key to bob. Bob then encrypts randomly generated symmetric key (.e.g blowish, dsa or aes etc.) with public key and sends the result to alice. Alice then decrypts with her private key. Both alice and bob have knowledge of symmetric key which can then be used for secure communication. A clear problem with this is a man-in-the-middle attack. There are functions built into the open ssl framework that allows you do create such keys manually. If that's what you need to do, I can give a more concrete ( albeit probably naive) example... Cheers, Ben. On 21 July 2010 15:02, Harshvir Sidhu <hvssi...@gmail.com <mailto:hvssi...@gmail.com>> wrote: Hi All, I am trying to use encryption over Client/Server machines. My requirement is that i have to use winsock UDP functions to send and receive data. Is there some mechanism to perform key and cipher exchange in this case, like normally SSL_Connect will do this, but in my case i cannot use that. Is there some suggestion for this? // Harshvir
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
