I made a typo so here is my question again:

After an SSL connection is established, from A's side, I need to get A's
private key (part 1). From B's side I need to get A's public key (part 2).
I looked at the SSL document and only found
EVP_PKEY *SSL_get_privatekey(SSL *ssl); can I use this API for part 1?
If not, what else can I do? And how can I do part 2?

I know it doesn't make sense but it's what I have to do. Do you have any
idea? Thanks.

On Mon, Apr 7, 2008 at 6:34 PM, Tuan Vu wrote:

> Yes I know it makes no sense, but this is what I have to do in the
> assignment.
> I complained to the prof already but he still wants to do something like
> that.
>
>
> On Mon, Apr 7, 2008 at 6:29 PM, Victor Duchovni <
> Victor.Duchovni@morganstanley.com> wrote:
>
> > On Mon, Apr 07, 2008 at 06:25:21PM -0600, Tuan Vu wrote:
> >
> > > Assume that I write a client app A and a server app B. A and B set up
> > > an SSL connection. A wants to send B some file and its signature. Once
> > > B receives the file and its signature, B has to verify if it's correct
> > > or not.
> >
> > Once you have the SSL connection, just send the file. No need to further
> > encrypt or sign anything with the keys of the client or server. If you
> > want to securely transport data signed by yet another party, that makes
> > sense in some cases.
> >
> > > I don't want A and B to exchange any signing key manually. Instead, I
> > > want to use A's private key/public key (agreed by both sides during
> > > the SSL handshake process) to sign and verify signature. Thus, after
> > > an SSL connection is established, from A's side, I need to get the A's
> > > private key (part 1). From B's side I need to get B's public key
> > > (part 2). I looked at the SSL document and only found EVP_PKEY
> > > *SSL_get_privatekey(SSL *ssl), can I use this API for part 1? If not,
> > > what else can I do. And how can I do part
> >
> > This makes no sense, just do mutual authentication when you set up the
> > TLS session (B requests and checks A's client cert, A checks B's server
> > cert), then you have a secure channel and can send arbitrary data without
> > further encryption.
> >
> > --
> > Viktor.
> > __________________________________________________ ____________________
> > OpenSSL Project http://www.openssl.org
> > User Support Mailing List openssl-users@openssl.org
> > Automated List Manager majordomo@openssl.org
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
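
Added example (not part of the original thread and not OpenSSL project code): a peer's public key is carried in the certificate it presents, so B can verify A's signature with the key extracted from A's certificate. The script uses the openssl command-line tool; the self-signed certificate, the CN "client-A" and all file names are constructed, and in a real deployment B would only trust a certificate that the mutually authenticated handshake has validated against a trusted CA.

```shell
#!/bin/sh
# Added example: A signs a file with its private key, B verifies it with the
# public key taken from A's certificate. All names below are constructed.
set -eu

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# A's identity: key pair plus a self-signed certificate, standing in for the
# client certificate A would present during the handshake (assumption).
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=client-A" \
        -keyout "$work/a.key" -out "$work/a.crt" 2>/dev/null
}

# A's side: sign the file with A's private key; writes <file>.sig.
sign_file() {
    openssl dgst -sha256 -sign "$work/a.key" -out "$1.sig" "$1"
}

# B's side: B never sees a.key. It extracts the public key from A's
# certificate and checks the signature. Exit status 0 only if valid.
verify_file() {
    openssl x509 -in "$work/a.crt" -pubkey -noout > "$work/a.pub" &&
    openssl dgst -sha256 -verify "$work/a.pub" \
        -signature "$1.sig" "$1" >/dev/null 2>&1
}

make_identity
printf 'constructed sample payload\n' > "$work/file.txt"
sign_file "$work/file.txt"

if verify_file "$work/file.txt"; then
    echo "signature valid"
else
    echo "signature INVALID"
fi
```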