If I want to transfer data between two computers (similar to ssh), does it need a certificate? I mean a server first generates a keypair and stores it somewhere to reuse in another session. When a client connects, they exchange keys, then encrypt/decrypt data. The client can also store the server's public key for future connections.
Certificates are one way to exchange public keys. So are public key files in various formats. There are also pre-shared keys. If you're thinking of implementing your own security protocol I'll throw out the standard warning that it's a lot harder than one might think to get it right.
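The ssh-style key storage the question describes (remember a server's public key on first contact, compare it on every later connection), as an added example that is not part of the thread and is not CyaSSL code. The names `pin_store` and `pin_check` are hypothetical, and the peer's public key is assumed to arrive as encoded bytes from whatever handshake is in use.

```c
#include <stddef.h>
#include <string.h>

#define MAX_PINS 8
#define MAX_KEY  512
#define MAX_HOST 64

typedef enum { PIN_NEW, PIN_MATCH, PIN_MISMATCH, PIN_ERROR } pin_result;

typedef struct {
    char          host[MAX_HOST];
    unsigned char key[MAX_KEY];   /* encoded public key exactly as received */
    size_t        key_len;
} pin_entry;

typedef struct {                  /* caller zero-initializes before first use */
    pin_entry entries[MAX_PINS];
    size_t    count;
} pin_store;

/* Trust on first use: store an unknown host's key, verify a known host's key. */
pin_result pin_check(pin_store *s, const char *host,
                     const unsigned char *key, size_t key_len)
{
    size_t i;
    if (!s || !host || !key || key_len == 0 || key_len > MAX_KEY ||
        strlen(host) >= MAX_HOST)
        return PIN_ERROR;
    for (i = 0; i < s->count; i++) {
        const pin_entry *e = &s->entries[i];
        if (strcmp(e->host, host) != 0)
            continue;
        if (e->key_len == key_len && memcmp(e->key, key, key_len) == 0)
            return PIN_MATCH;
        return PIN_MISMATCH;      /* key changed: caller should refuse the session */
    }
    if (s->count == MAX_PINS)
        return PIN_ERROR;         /* store full: do not silently trust */
    strcpy(s->entries[s->count].host, host);   /* length checked above */
    memcpy(s->entries[s->count].key, key, key_len);
    s->entries[s->count].key_len = key_len;
    s->count++;
    return PIN_NEW;               /* first contact: confirm the key out of band */
}
```

A `PIN_NEW` result is the only moment the key is accepted unverified, so that is where a fingerprint should be shown to the user or checked against a provisioned value.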
Thanks for the help.
As in the manual, chapter 12 (Best Practices for Embedded Devices), do you have any code snippet for generating a key and using it with an SSL object?
I found the example code in ctaocrypt/test/test.c.
But how can I use the newly created cert & key for an SSL object without writing them to a file?
If you can't use them as files you can load them as buffers by using the CyaSSL buffer extensions API. See chapter 9 section V.
How can I export the public key from an SSL object? I want to print out the keys of servers/clients on screen.
Currently you can't. CyaSSL doesn't store the actual public keys in the SSL object; it only stores the type-specific key, RSA for example, while it needs to have it, in order to save space and resources.
It might be something we could add as a debug option or something like that.
I am using MakeRsaKey and MakeCert to create self-signed certificates. Could you please let me know why I can't extract the public key? I just want to confirm them after calling SSL_accept/SSL_connect (DTLS) from server/clients.
Because CyaSSL doesn't store the actual public keys in the SSL object; it only stores the type-specific key, RSA for example (in RSA format), while it needs to have it, in order to save space and resources.
We may add that in the future.