asymmetric encryption

I have this encryption scheme that I want to implement:

I have an authentication server, which takes clients' credentials to
complete authentication but first I have to encrypt the credentials, I
want to use asymmetric encryption which the server creates the key pair
(public and private keys) but to avoid round trips of the authentication
protocol instead of having the server sending the public key to clients,
I want to have the public key to be hard coded into client code and also
assign the same public key to the server as well but the problem is how
do I get the private key created on the server side in a way that gets
the public and private key mathematically linked?


*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Nov 15 '05 #1
Well, you might want to explain how this authentication algorithm/protocol
works first. With your setup, I'm not sure this follows standard procedure
for authentication via asymmetric encryption. Also note that asymmetric
encryption is typically only good at encrypting small bits of info at a
time - 8 to 32 bytes ideally. I usually recommend using it only to
sign/verify data hashes or create an envelope so a symmetric key can be
securely transmitted. Data encryption is best done with stream and block
ciphers (usually symmetric algorithms).

-Rob Teixeira [MVP]

"Paul Fi" <na*******@hotmail.com> wrote in message
news:eS**************@tk2msftngp13.phx.gbl...
I have this encryption scheme that I want to implement:

I have an authentication server, which takes clients' credentials to
complete authentication but first I have to encrypt the credentials, I
want to use asymmetric encryption which the server creates the key pair
(public and private keys) but to avoid round trips of the authentication
protocol instead of having the server sending the public key to clients,
I want to have the public key to be hard coded into client code and also
assign the same public key to the server as well but the problem is how
do I get the private key created on the server side in a way that gets
the public and private key mathematically linked?



Nov 15 '05 #2
Hello Paul,

If you want the public key to be in the code, rather than in a keystore, you
will have to generate the keypair on the server first, before you compile
the client, then take the public key from that generated pair and place it
in the client code.

Note: this is an extraordinarily bad idea. No key pair is completely
immune. The moment someone discovers your private key, all of your
installed base of code is compromised.

I'd be concerned about your scheme. How will the client know that the key
has been compromised? How can the client be certain that your address has
not been compromised? How can you inform them of this? That is what the
certificate authority is for, and why they have Certificate Revocation
Lists.

The Public Key Infrastructure has been beaten around for a long time to work
out these issues in fine detail. If you go about circumventing bits of it,
you open yourself up for attack in a manner that will destroy your
credibility the moment an attack is successful.

Think about it.
--- Nick

Nov 15 '05 #3
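
The key-generation order described in the replies above, as an added example that is not code from the thread: the server generates the pair once, the public half is exported for embedding in the client, and the client encrypts to it. Go, RSA-2048 with OAEP/SHA-256, and all function names are assumptions made for illustration; the credential string is constructed sample data.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// NewServerKey runs once on the server, before the client is built. One call
// yields both halves: the public key is a field of the private key, which is
// what links them. The DER bytes are what would be embedded in the client.
func NewServerKey() (*rsa.PrivateKey, []byte, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	return priv, x509.MarshalPKCS1PublicKey(&priv.PublicKey), nil
}

// Matches lets the server confirm at startup that the key embedded in a client
// build belongs to the private key it holds.
func Matches(priv *rsa.PrivateKey, embeddedDER []byte) bool {
	pub, err := x509.ParsePKCS1PublicKey(embeddedDER)
	return err == nil && priv.PublicKey.Equal(pub)
}

// Encrypt is the client side. RSA-OAEP with SHA-256 under a 2048-bit key takes
// at most 256-2*32-2 = 190 bytes; anything longer fails rather than truncating.
func Encrypt(embeddedDER, creds []byte) ([]byte, error) {
	pub, err := x509.ParsePKCS1PublicKey(embeddedDER)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, creds, nil)
}

// Decrypt is the server side; only the matching private key recovers the input.
func Decrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

func main() {
	priv, der, _ := NewServerKey()
	ct, _ := Encrypt(der, []byte("alice:constructed-sample-password"))
	pt, err := Decrypt(priv, ct)
	fmt.Println(Matches(priv, der), string(pt), err)
}
```

The 190-byte ceiling is the reason the first reply suggests an envelope for anything larger: the RSA operation then carries only a symmetric key.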
