Question about certificate

Help
aFeLiOn
2011-01-06
2013-04-23
  • aFeLiOn
    2011-01-06

    If I want to transfer data between two computers (similar to ssh), does it need a certificate? I mean a server first generates a keypair and stores it somewhere to reuse in another session. When a client connects, they exchange keys, then encrypt/decrypt data. The client can also store the server's public key for future connections.

     
  • Todd Ouska
    2011-01-06

    Certificates are one way to exchange public keys.  So are public key files in various formats.  There are also pre-shared keys.  If you're thinking of implementing your own security protocol I'll throw out the standard warning that it's a lot harder than one might think to get it right.
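
The ssh-style model raised in the question (store the server's public key on first contact, compare it on every later connection) as an added example that is not part of the original thread and is not CyaSSL code. The names `check_pin`, `pins` and the sample key bytes are hypothetical, and the code assumes the application already holds the peer's public key bytes, for example from a key file. Nothing authenticates the first connection in this model; it only detects a key that changes afterwards.

```c
#include <stdio.h>
#include <string.h>

#define MAX_PINS 8
#define MAX_KEY  512

enum pin_result { PIN_NEW, PIN_MATCH, PIN_MISMATCH, PIN_ERROR };

struct pin { char host[64]; unsigned char key[MAX_KEY]; size_t len; };
static struct pin pins[MAX_PINS];   /* in-memory stand-in for a known-hosts file */
static size_t n_pins;

/* Compare the public key a peer presented with the one stored for that host.
 * First contact stores the key; a later change is reported as PIN_MISMATCH
 * and the stored key is left untouched, so the caller must drop the session. */
enum pin_result check_pin(const char *host, const unsigned char *key, size_t len)
{
    if (!host || !key || len == 0 || len > MAX_KEY
        || strlen(host) >= sizeof pins[0].host)
        return PIN_ERROR;
    for (size_t i = 0; i < n_pins; i++) {
        if (strcmp(pins[i].host, host) != 0)
            continue;
        if (pins[i].len == len && memcmp(pins[i].key, key, len) == 0)
            return PIN_MATCH;
        return PIN_MISMATCH;        /* never overwrite the pin silently */
    }
    if (n_pins == MAX_PINS)
        return PIN_ERROR;           /* store full: fail closed */
    strcpy(pins[n_pins].host, host);
    memcpy(pins[n_pins].key, key, len);
    pins[n_pins].len = len;
    n_pins++;
    return PIN_NEW;
}

int main(void)
{
    /* Constructed sample bytes, not real keys. */
    const unsigned char k1[] = { 0x30, 0x82, 0x01, 0x0a, 0x01 };
    const unsigned char k2[] = { 0x30, 0x82, 0x01, 0x0a, 0x02 };
    printf("first:   %d\n", check_pin("device.example", k1, sizeof k1));
    printf("second:  %d\n", check_pin("device.example", k1, sizeof k1));
    printf("changed: %d\n", check_pin("device.example", k2, sizeof k2));
    return 0;
}
```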

     
  • aFeLiOn
    2011-01-07

    Thanks for the help.
    As in the manual, chapter 12 (Best Practices for Embedded Devices), do you have any code snippet for generating a key and using it with an SSL object?

     
  • aFeLiOn
    2011-01-07

    I found the example code in ctaocrypt/test/test.c.
    But how can I use the newly created cert & key with an SSL object without writing them to a file?

     
  • Todd Ouska
    2011-01-07

    If you can't use them as files you can load them as buffers by using the CyaSSL buffer extensions API.  See chapter 9 section V.

     
  • aFeLiOn
    2011-01-14

    How can I export the public key from an SSL object? I want to print out the keys of servers/clients on screen.

     
  • Todd Ouska
    2011-01-14

    Currently you can't.  CyaSSL doesn't store the actual public keys in the SSL object; it only stores the type-specific key, RSA for example, while it needs to have it in order to save space and resources.

    It might be something we could add as a debug option or something like that.

     
  • aFeLiOn
    2011-01-18

    I am using MakeRsaKey, MakeCert to create self-signed certificates. Could you please let me know why I can't extract the public key? I just want to confirm them after calling SSL_accept/SSL_connect (DTLS) from server/clients.

     
  • Todd Ouska
    2011-01-18

    Because CyaSSL doesn't store the actual public keys in the SSL object; it only stores the type-specific key, RSA for example (in RSA format), while it needs to have it in order to save space and resources.

    We may add that in the future.