Re: Confused by CryptoAPI

lelteto wrote:
First of all, the server should not sign the KEY itself. If it does,
ANYBODY (with the public key) would be able to decrypt it and recover
the negotiated secret session key. (I assume RSA where sign/verify is
the same mod-exp operation ans decrypt/encrypt) You should send a
random salt (encrypted by the session key) and get that signed. In
that case if the signature of the salt is OK you know that the server
was able to use the session key (to decrypt the salt).

I think the OP means that the shared secret key is signed by the server, and
then the server sends the signature back to the client. That allows the
client to verify that the server received the key intact, and does not
expose the key. Signing the key involves creating a cryptographic hash
(one-way function) of the key, and then encrypting that hash with the
private key, so any listener can only decrypt to a hash of the key, which
(if the hash function is valid) does not give any information about the key
itself to such an eavesdropper.

"nde_plume@xxxxxxxxxx" wrote:

I have been looking at the CryptoAPI for a while and remain a little
confused as to how it all plugs together. Basically, what I want to
do is:

1. Client asks in clear for a public key from server, and server
sends it
2. Client generates a symmetric key on a client, encrypts it with a
public key and send this to the server.
3. The server decrypts this, and signs the key with the private key,
and sends it back to the client.
4. The client verifies the signature.
5. Now client and server communicate over the symmetric key generated
in 2 above.

What I don't understand is why you don't simply use SSL. SSL will do
essentially the same overall process (use a key at the server to allow
secured communication with a negotiated shared secret key), and has added
protections on top of that. Designing your own cryptography is often the
cause of bad mistakes that lead to decryption of content you believed was
secure. Using something that has been tested by literally millions of
others, and has had significant cryptanalysis performed on it, should be
preferred to trying something new, that nobody has analysed.

Alun.
~~~~
[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at http://www.wftpd.com or email
23921 57th Ave SE | alun@xxxxxxxxxx
Washington WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.


.

Relevant Pages

  • Re: encrypt password for webservices
    ... Everything that reads 'SAL' in my previous post should be 'SSL'. ... > uses a session key to encrypt data. ... > of a Web client and a Web server. ...
    (microsoft.public.dotnet.security)
  • RE: Failed to decrypt
    ... The client side creates a session key then export it using the server's ... The server import the session key using its private exchange key. ... The client runs on Windows 2000 and the server runs Windows XP or ...
    (microsoft.public.platformsdk.security)
  • Re: encrypt password for webservices
    ... of a Web client and a Web server. ... decrypt them, because the Web server will use a different session key, i.e. ... >> For storage, do not use encryption, use hashing instead. ...
    (microsoft.public.dotnet.security)
  • RE: [fw-wiz] Security of HTTPS
    ... > out there that intentionally decrypt an SSL connection. ... > product's CA cert is loaded into the client, ... pre-master key and sends it to the server. ... generate the master key which is used to generate the session key. ...
    (Firewall-Wizards)
  • Re: Windows->Linux. Graphical terminal emulator.
    ... client generete and send to server a random number using RSA ... > have the servers public key until it contacts the server, ... Private key can only encrypt information but not decrypt it. ...
    (alt.linux)