To the best of my knowledge, the encryption keys and signing keys are the same.
i.e. you would negotiate a session key that would be used to symmetrically encrypt the data sent. The fact that the recipient can decrypt it implies that the data is authentic, since only the two parties would be privy to the session key.

It is possible to use a "null" algorithm, I think, that simply does no encryption. This allows the client to be sure that they are talking to the server, and potentially allows the server to know that it is talking to the client (if you are using client certs), but reduces the overhead of actually encrypting the data. I'm not sure if this has any guarantees about the integrity of the data anymore, though.

I'm really not sure what you are asking though. SSL is inherently asymmetric in the key negotiation phase, and symmetric in the encryption phase.

Hope this helped.

Rogan

> -----Original Message-----
> From: Niall O Malley (LMI) [mailto:[EMAIL PROTECTED]]
> Sent: 14 February 2002 03:06
> To: [EMAIL PROTECTED]; '[EMAIL PROTECTED]'
> Subject: SSL Question
>
> Just a quick question
>
> say I wish to set up an SSL link between a client and a server
> - but I just want to perform digital signing from the client
> to the server, are these two functions (i.e. the setting up of
> the SSL tunnel, and the signing mechanism) considered totally
> separate - i.e. is the tunnel set up completely separately and
> using different key/certificate systems than the digital
> signing keys and certs?
>
> What I am considering is to use a phone to link to an SSL
> enabled server - will the phone download the cert of just a
> hashed algorithm from the server. The Netscape site is next
> to useless - which is strange since they have developed the protocol.
>
> Does anyone know a useful place to find such information on
> Symmetric SSL etc.
>
> Any ideas ???
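
An added example, not part of the original messages: how a TLS 1.0 (RFC 2246) record is authenticated under a NULL-encryption cipher suite such as TLS_RSA_WITH_NULL_SHA. The record carries an HMAC over the sequence number, record header and plaintext, keyed by a MAC secret from the handshake. The key, payload and function names here are constructed for illustration.

```python
import hashlib
import hmac
import struct

APPLICATION_DATA = 23   # TLS ContentType for application data
TLS10 = (3, 1)          # ProtocolVersion of TLS 1.0
MAC_LEN = 20            # HMAC-SHA1 output size

def record_mac(mac_key, seq, ctype, version, fragment):
    """RFC 2246 6.2.3.1: HMAC(secret, seq_num || type || version || length || fragment)."""
    prefix = struct.pack("!QBBBH", seq, ctype, version[0], version[1], len(fragment))
    return hmac.new(mac_key, prefix + fragment, hashlib.sha1).digest()

def protect(mac_key, seq, fragment):
    """Build a record for a NULL cipher: the plaintext is sent as-is, followed by its MAC."""
    body = fragment + record_mac(mac_key, seq, APPLICATION_DATA, TLS10, fragment)
    return struct.pack("!BBBH", APPLICATION_DATA, TLS10[0], TLS10[1], len(body)) + body

def verify(mac_key, seq, record):
    """Return the plaintext if the MAC is valid for this sequence number, else None."""
    if len(record) < 5:
        return None
    ctype, major, minor, length = struct.unpack("!BBBH", record[:5])
    body = record[5:]
    if length != len(body) or length < MAC_LEN:
        return None
    fragment, mac = body[:-MAC_LEN], body[-MAC_LEN:]
    expected = record_mac(mac_key, seq, ctype, (major, minor), fragment)
    return fragment if hmac.compare_digest(mac, expected) else None

def demo():
    key = b"constructed-mac-write-secret"   # constructed; really derived from the master secret
    record = protect(key, 0, b"PAY 10 EUR")
    # Overwrite the plaintext in transit; with a NULL cipher this needs no key.
    tampered = record[:5] + b"PAY 99 EUR" + record[15:]
    return {
        "intact": verify(key, 0, record),
        "tampered": verify(key, 0, tampered),
        "replayed": verify(key, 1, record),   # same bytes, later sequence number
        "wrong_key": verify(b"some-other-secret", 0, record),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

With encrypting suites of that era the same MAC is computed first and the plaintext plus MAC is then encrypted, so the integrity check is a separate keyed step in both cases.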
