Ulf Dittmer wrote: Welcome to the Ranch.
when I have to pass the message non-encrypted, in order for the server to be able to check its digest
I'm not clear on why the message would be unencrypted - you said encryption is being used? Can't the server decrypt the data and then compute its digest?
An alternative would be to compute the digest on the client and then send only the digest to the server. But that depends on what the purpose of encryption and digest are, and from where to where each is sent - which are details we don't know.
liakos liakoz wrote:
I'm new to cryptography so I wasn't sure if the server could participate in the cryptography process. So if I understand right, you suggest that client1 sends the encrypted message and the digest to the server, then the server decrypts the message, digests it and then compares the digests. Then it encrypts it again and sends it to client2. But now my question is, what keys does the server use to encrypt/decrypt messages? I use public/private keys for the clients (encrypt with the recipient's public key and then the recipient decrypts it with his private key). Should I use the same method for the server as well, or is there another more efficient/right way? I use RSA.
Thanks again and sorry for my English
liakos liakoz wrote: So, the server is not involved at all (it only forwards the payload) and we are still safe? Good. Thank you guys, I appreciate your help.
If I need anything else, I'll come back later. Cheers
Richard Tookey wrote: I'm not convinced you have achieved 'authentication' since you are using self-signed certificates and have not explained how the clients and servers exchange these certificates in a secure and authenticated manner.
liakos liakoz wrote:
So how do I achieve authentication? I just send the certificates inside every message. What should I do instead and why?
PS: I use self-signed certificates and I'm able to retrieve every certificate I want from the keystore
PS2: Is non-repudiation achieved with the implementation I described in my previous message?
liakos liakoz wrote: The assignment says that I have to use self-signed certificates, not certificates signed by a CA
liakos liakoz wrote: If, at the moment that a client connects to the server, they exchange certificates, would it make it any better?
Richard Tookey wrote:
liakos liakoz wrote: If, at the moment that a client connects to the server, they exchange certificates, would it make it any better?
So how do you know if the client is one you trust and wish to allow access to the server?
liakos liakoz wrote:
How can I possibly know if I'm not using certificates signed by a CA? Maybe if I create a root certificate which signs the certificates of the two clients? Maybe the certificate of the server too?
liakos liakoz wrote: Is that good enough to achieve mutual authentication using only self-signed certificates?
Thanks.
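The trust question raised in this thread, as an added example that is not code from any of the posters: a key that arrives inside a message verifies its own signature perfectly well, so the receiver must check it against fingerprints that were installed beforehand over a separate, trusted channel. Assumptions: raw RSA public keys stand in for self-signed certificates so the demo needs only the JDK (with a real certificate the same check would hash `X509Certificate.getEncoded()`), and the class name, method names and sample message are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class PinnedKeyDemo {
    // SHA-256 over the encoded public key (X.509 SubjectPublicKeyInfo), Base64 text.
    static String fingerprint(PublicKey key) throws GeneralSecurityException {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(key.getEncoded());
        return Base64.getEncoder().encodeToString(d);
    }

    static byte[] sign(PrivateKey key, byte[] msg) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(msg);
        return s.sign();
    }

    // Accept only if the claimed key was pinned beforehand AND the signature verifies.
    static boolean accept(Set<String> pinned, PublicKey claimed, byte[] msg, byte[] sig)
            throws GeneralSecurityException {
        if (!pinned.contains(fingerprint(claimed))) {
            return false; // unknown key: a valid signature from it proves nothing
        }
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(claimed);
        s.update(msg);
        return s.verify(sig);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair client1 = gen.generateKeyPair();  // sender the receiver already knows
        KeyPair unknown = gen.generateKeyPair();  // key that only ever arrived inside a message

        // Constructed trust store: in practice filled out of band, before any traffic.
        Set<String> pinned = new HashSet<>();
        pinned.add(fingerprint(client1.getPublic()));

        byte[] msg = "hello client2".getBytes(StandardCharsets.UTF_8); // constructed sample
        byte[] sig1 = sign(client1.getPrivate(), msg);
        byte[] sig2 = sign(unknown.getPrivate(), msg);

        System.out.println("pinned key, intact message:  "
                + accept(pinned, client1.getPublic(), msg, sig1));
        System.out.println("unpinned key, own signature: "
                + accept(pinned, unknown.getPublic(), msg, sig2));
        msg[0] ^= 1; // simulate modification in transit
        System.out.println("pinned key, altered message: "
                + accept(pinned, client1.getPublic(), msg, sig1));
    }
}
```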