Question about certificate

Help
aFeLiOn
2011-01-06
2013-04-23
  • aFeLiOn

    aFeLiOn - 2011-01-06

    If I want to transfer data between two computers (similar to ssh), does it need a certificate? I mean a server first generates a keypair and stores it somewhere to reuse in another session. When a client connects, they exchange keys, then encrypt/decrypt data. The client can also store the server's public key for future connections.

     
  • Todd Ouska

    Todd Ouska - 2011-01-06

    Certificates are one way to exchange public keys.  So are public key files in various formats.  There are also pre-shared keys.  If you're thinking of implementing your own security protocol I'll throw out the standard warning that it's a lot harder than one might think to get it right.
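
The model described in the question (a long-lived server keypair, with the client remembering the server's public key) is trust on first use, as in ssh. The following is an added example, not from the thread or from CyaSSL: a minimal client-side pin store in Python. `PinStore`, the file name and the sample key bytes are hypothetical, and the peer's encoded public key is assumed to be available to the caller.

```python
import hashlib
import hmac
import json
import os
import tempfile

def fingerprint(pubkey_der: bytes) -> str:
    """SHA-256 over the peer's encoded public key, hex-encoded."""
    return hashlib.sha256(pubkey_der).hexdigest()

class PinStore:
    """known_hosts-style map of peer name -> pinned key fingerprint."""
    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path) as f:
                self.pins = json.load(f)

    def check(self, peer: str, pubkey_der: bytes) -> str:
        """Return 'new', 'match' or 'mismatch'; never overwrites a pin."""
        pinned = self.pins.get(peer)
        if pinned is None:
            return "new"  # first contact: confirm the fingerprint out of band
        fp = fingerprint(pubkey_der)
        return "match" if hmac.compare_digest(pinned, fp) else "mismatch"

    def pin(self, peer: str, pubkey_der: bytes) -> None:
        """Record a key once its fingerprint has been confirmed."""
        self.pins[peer] = fingerprint(pubkey_der)
        tmp = self.path + ".tmp"
        with open(tmp, "w") as f:
            json.dump(self.pins, f)
        os.replace(tmp, self.path)  # atomic swap, no half-written store

def demo():
    # Constructed byte strings standing in for encoded public keys.
    key_a, key_b = b"constructed-public-key-A", b"constructed-public-key-B"
    path = os.path.join(tempfile.mkdtemp(), "known_peers.json")
    store = PinStore(path)
    results = [store.check("server1", key_a)]      # first connection
    store.pin("server1", key_a)
    store = PinStore(path)                         # later session, reload
    results.append(store.check("server1", key_a))  # same key
    results.append(store.check("server1", key_b))  # key changed: refuse
    return results

if __name__ == "__main__":
    print(demo())
```

A "mismatch" result should abort the connection rather than re-pin automatically, since a changed key is exactly what an interposed peer would present.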

     
  • aFeLiOn

    aFeLiOn - 2011-01-07

    Thanks for the help.
    As in the manual, chapter 12 (Best Practices for Embedded Devices), do you have any code snippet for generating a key and using it with an SSL object?

     
  • aFeLiOn

    aFeLiOn - 2011-01-07

    I found the example code in ctaocrypt/test/test.c.
    But how can I use the newly created cert & key for an SSL object without writing them to a file?

     
  • Todd Ouska

    Todd Ouska - 2011-01-07

    If you can't use them as files you can load them as buffers by using the CyaSSL buffer extensions API.  See chapter 9 section V.

     
  • aFeLiOn

    aFeLiOn - 2011-01-14

    How can I export the public key from an SSL object? I want to print out the key of servers/clients on screen.

     
  • Todd Ouska

    Todd Ouska - 2011-01-14

    Currently you can't.  CyaSSL doesn't store the actual public keys in the SSL object, it only stores the type specific key, RSA for example, while it needs to have it in order to save space and resources. 

    It might be something we could add as a debug option or something like that.

     
  • aFeLiOn

    aFeLiOn - 2011-01-18

    I am using MakeRsaKey, MakeCert to create self-signed certificates. Could you please let me know why I can't extract the public key? I just want to confirm them after calling SSL_accept/SSL_connect (DTLS) from server/clients.

     
  • Todd Ouska

    Todd Ouska - 2011-01-18

    Because CyaSSL doesn't store the actual public keys in the SSL object, it only stores the type specific key, RSA for example (in RSA format), while it needs to have it in order to save space and resources.

    We may add that in the future.

     
