Yes I know it makes no sense, but this is what I have to do in the
assignment.
I complained to the prof already but he still wants to do something like
that.

On Mon, Apr 7, 2008 at 6:29 PM, Victor Duchovni <Victor.Duchovni@morganstanley.com> wrote:

> On Mon, Apr 07, 2008 at 06:25:21PM -0600, Tuan Vu wrote:
>
> > Assume that I write a client app A and a server app B. A and B set up a SSL
> > connection. A wants to send B some file and its signature. Once B receives
> > the file and its signature, B has to verify if it's correct or not.
>
> Once you have the SSL connection, just send the file. No need to further
> encrypt or sign anything with the keys of the client or server. If you
> want to securely transport data signed by yet another party, that makes
> sense in some cases.
>
> > I don't want A and B to exchange any signing key manually. Instead, I want to
> > use A's private key/public key (agreed by both sides during the SSL
> > handshake process) to sign and verify signature. Thus, after a SSL
> > connection is established, from A's side, I need to get the A's private key
> > (part 1). From B's side I need to get B's public key (part 2). I looked at
> > the SSL document and only found EVP_PKEY *SSL_get_privatekey(SSL *ssl), can
> > I use this API for part 1? If not, what else can I do. And how can I do part
>
> This makes no sense, just do mutual authentication when you set up the
> TLS session (B requests and checks A's client cert, A checks B's server
> cert), then you have a secure channel and can send arbitrary data without
> further encryption.
>
> --
> Viktor.
> __________________________________________________ ____________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majordomo@openssl.org
>

