How to start?

Hi group,

I am starting a project that will require using SSL to transmit data in an encrypted mode. I would like to find some simple code that I could use as a model for my program. The program will be a peer to peer communication using the same code at each end, an SSL Agent. I want to use "One Time" RSA authentication method. That means that for each connection, generate an RSA key before starting the connection and use it just once. I have the "Socket" code already, I just need the SSL calls/protocol.

From what I have gathered, the calls would be something like this:

    Generate RSA Key (call rsa_generate_key?)
    Request authentication from other side
    Return my key
    Loop:
        Encrypt packet
        Send packet
        Get response packet
        Decrypt packet
        Process Packet
        Goto Loop

Does this look right? Any pointers (URLs)?

--
William Estrada
MrUmunhum@...
Mt-Umunhum-Wireless.net ( http://Mt-Umunhum-Wireless.net )
Ymessenger: MrUmunhum

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@...
Automated List Manager                           majordomo@...

Re: How to start?

Hi!

> I am starting a project that will require using SSL to transmit data in an
> encrypted mode. I would like
> to find some simple code that I could use as a model for my program. The
> program will be a peer to peer
> communication using the same code at each end, an SSL Agent. I want to use
> "One Time" RSA
> authentication method. That means that for each connection, generate an RSA
> key before starting the
> connection and use it just once. I have the "Socket" code already, I just
> need the SSL calls/protocol.

I too developed something similar to this. I used the Network Security with OpenSSL book pretty extensively to develop a p2p app that uses ssl for securing communications. The book has code examples and simple client/servers that served as the basis for my own code.

> From what I have gathered, the calls would be something like this:
>
>     Generate RSA Key (call rsa_generate_key?)
>     Request authentication from other side
>     Return my key
>     Loop:
>
>         Encrypt packet
>         Send packet
>         Get response packet
>         Decrypt packet
>         Process Packet
>         Goto Loop

You'll basically do the following:

1) generate your key pairs first time and stash them away
2) connect to other side via SSL primitives or hand a connection to the SSL library
3) exchange data
4) tear down the session

OpenSSL will handle the rest. It really wasn't that complicated. I retrofitted my unsecure app with SSL and the number of modules and files I had to monkey with were pretty small.

Bobby
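
The four steps listed in the reply above, worked through as an added example (not code from the thread or from the OpenSSL project): Python's standard `ssl` module, which wraps OpenSSL, runs both peers in memory, with a fresh RSA key per connection as in the original question. The `openssl` command on PATH, the peer name, the ping/pong payload and the SHA-256 fingerprint check are assumptions of this example; the check is included because a key generated moments ago identifies nobody unless the other side already knows its fingerprint.

```python
import hashlib, os, ssl, subprocess, tempfile

def one_time_context(name):
    """Step 1: a fresh RSA key and self-signed certificate for this connection only."""
    with tempfile.TemporaryDirectory() as d:
        key, crt = os.path.join(d, "key.pem"), os.path.join(d, "cert.pem")
        subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
                        "-days", "1", "-subj", "/CN=" + name,   # constructed name
                        "-keyout", key, "-out", crt], check=True, capture_output=True)
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        ctx.load_cert_chain(crt, key)
        with open(crt) as f:
            der = ssl.PEM_cert_to_DER_cert(f.read())
    return ctx, hashlib.sha256(der).hexdigest()   # key files are deleted by here

def run_session(pin=None):
    """Steps 2-4 between two in-memory peers; returns the reply the client got."""
    sctx, real_pin = one_time_context("peer-a")
    pin = pin or real_pin          # assumption: the pin reached the client out of band
    cctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    cctx.check_hostname = False
    cctx.verify_mode = ssl.CERT_NONE   # no CA signs a one-time key; the pin is the check
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    cli = cctx.wrap_bio(c_in, c_out)
    srv = sctx.wrap_bio(s_in, s_out, server_side=True)

    def turn(op, *args):
        """Run one TLS call, then carry the records it produced to the other peer."""
        try:
            return True, op(*args)
        except ssl.SSLWantReadError:      # this peer is waiting for the other one
            return False, None
        finally:
            for src, dst in ((c_out, s_in), (s_out, c_in)):
                if src.pending:
                    dst.write(src.read())

    waiting = [cli, srv]
    while waiting:                        # step 2: handshake, driven by OpenSSL
        waiting = [p for p in waiting if not turn(p.do_handshake)[0]]
    seen = hashlib.sha256(cli.getpeercert(binary_form=True)).hexdigest()
    if seen != pin:                       # an unpinned one-time key authenticates nobody
        raise ssl.SSLError("peer certificate does not match the expected fingerprint")
    turn(cli.write, b"ping")              # step 3: exchange data
    turn(srv.write, b"pong:" + turn(srv.read, 1024)[1])
    reply = turn(cli.read, 1024)[1]
    for peer in (cli, srv, cli):          # step 4: close_notify in both directions
        turn(peer.unwrap)
    return reply
```

With real sockets the `turn` helper disappears: `SSLContext.wrap_socket` moves the records itself, and the fingerprint comparison stays exactly where it is, right after the handshake.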

Re: How to start?

On Tue, Jul 15, 2008 at 10:53 PM, William Estrada <MrUmunhum@...> wrote:
> Hi group,
>
> I am starting a project that will require using SSL to transmit data in an
> encrypted mode. I would like
> to find some simple code that I could use as a model for my program. The
> program will be a peer to peer
> communication using the same code at each end, an SSL Agent. I want to use
> "One Time" RSA

Have a look at the ./apps/ directory that comes with the OpenSSL source distro; in particular the s_client and s_server source code are significant. Start with that, then progress to see how you can tweak the code to [only] use RSA. The applications provided in the apps directory are also useful to see how you should go about generating keys, etc.

Next to that: Indulge yourself and only obtain the O'Reilly 'OpenSSL' book by John Viega et al, which is a quite useful addition to the available on-line documentation. It has been worth it to me; given your question(s), I am sure it will serve you well too.

On the crypto/SSL coding side: since you appear to want to use one time keys, try to get a full 'anonymous' (Diffie Hellman) SSL connection going first, just so you have something that works after just a few minor tweaks (always nice to see the bytes pop out the other end like you expect them to); meanwhile read up on the subject in the OpenSSL book so you get a more detailed view of what you want and how to go about it.

--
Met vriendelijke groeten / Best regards,

Ger Hobbelt

--------------------------------------------------
web:    http://www.hobbelt.com/
        http://www.hebbut.net/
mail:   ger@...
mobile: +31-6-11 120 978
--------------------------------------------------