?
Solved

OpenSSL without certificate

Posted on 2006-04-23
9
Medium Priority
?
898 Views
Last Modified: 2010-02-13
I want to write a small client/server application which make use of OpenSSL for Data Crypting.

Is there any way to do this without certificates?

My case is that i cant share certificates... thats mean i need to connect and Handshake without a certificate. How Can i do this?

Regards woigl
0
Comment
Question by:woigl
  • 4
  • 3
  • 2
9 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 16520465
> Is there any way to do this without certificates?
AFAIK no

> ..  that i cant share certificates..
why would you share certificates?
0
 

Author Comment

by:woigl
ID: 16520478
I want to write a server for configuration purpose and this server allow other clients to connect, but the clients dont have a private key...
0
 

Author Comment

by:woigl
ID: 16520486
Or is it better in this way to work with normal TCP Sockets and crypt the message before sending with MD5?
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 
LVL 51

Accepted Solution

by:
ahoffmann earned 800 total points
ID: 16520597
> but the clients dont have a private key...
you don't need a private key for SSL/TLS (https)
0
 
LVL 27

Assisted Solution

by:Tolomir
Tolomir earned 1200 total points
ID: 16520619
Well normal / usual way would be to use SSL i.e. https

You could by a cheap SSLÖ certificate or use openssl to create a private certificate and use it for data encryption:

See http://en.wikipedia.org/wiki/Secure_Sockets_Layer

and http://en.wikipedia.org/wiki/OpenSSL

Tolomir
0
 

Author Comment

by:woigl
ID: 16522933
but as far as i could find out, there is a possibility to receive to certificate from the peer...

Anyone know this?
0
 
LVL 27

Assisted Solution

by:Tolomir
Tolomir earned 1200 total points
ID: 16522981
Yes of cause.

With TLS you can use a certificate on the server side AND from the client side.

That way even the server can be "sure" to talk to the authorized person.

http://en.wikipedia.org/wiki/Transport_Layer_Security

SSL/TLS provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use, only the server is authenticated (i.e. its identity is ensured) while the client remains unauthenticated; mutual authentication requires public key infrastructure (or PKI) deployment to clients. The protocols allow client/server applications to communicate in a way designed to prevent eavesdropping, tampering, and message forgery....

Tolomir
0
 

Author Comment

by:woigl
ID: 16523043
Thats mean my client dont need a certificate because it will receive it from the server side...

which certificate is good? x509

or is there any certificate which dont need a Country and State information?
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 16532388
Please check

The GNU Transport Layer Security Library
http://www.gnu.org/software/gnutls/manual/gnutls.html for further details.

It will explain most of your questions.

Tolomir
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
It’s a season to be thankful, and we’re thankful for users like you who engage on site, solve technology problems, and network with others in the industry. What tech are we most thankful for? Keep reading.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Suggested Courses

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question