Re: How does client decrypt data in a HTTPS-based WebDAV transfer

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks a ton Sander.

So on session setup-phase, the server sends the public-key to the client (which would hardly be a bother, even if it is intercepted by a eavesdropper). This public key is then used to encrypt the data on the client, send over the wire, and decrypted by the server's private key.

That explains the client-to-server-transfer.

However, just one last confirmation regarding the server-to-client-transfer. Is another set of public-private (session) keys pair created? (This would then explain the server-to-client transfer seamlessly, wherein the client would send the (session) public key to the server; server would encrypt data using this (session) public key; send the data over the wire; and the client would then decrypt data using the (session) private key).

Thanks Sander. You have really been a darling in all the help ;-)

Thanks and Regards,
Ajay



On Mon, Mar 26, 2012 at 11:03 AM, Sander Temme <sctemme@xxxxxxxxxx> wrote:
Ajay,
On Mar 25, 2012, at 9:54 PM, Ajay Garg wrote:

> Thanks Eric for the reply.
>
> Eric, but how is the shared secret comfigured?
> I do not remember configuring anything like this for the HTTPS-based WebDAV server.

As your DAV client and the server set up their SSL connection, they exchange information that is used by either side to derive a set of session encryption keys.  This starts with a piece of random data generated by the client, wrapped in the public key from the server's certificate, and sent to the server.  Since only the server has the corresponding private key, no eavesdropper can intercept this piece of data, and no one but the server and client have the proper input material to derive those session keys.

Once the session keys are created, they are used by either side to sign, encrypt, decrypt and verify the SSL records sent across the connection.

So the only thing that is pre-arranged is the key/certificate on the server, and the fact that the client trusts the server certificate (through the CA certificate in the client's key store or CA bundle).

Hope this helps,

S.

> Thanks and Regards,
> Ajay
>
> On Sun, Mar 25, 2012 at 11:39 PM, Eric Covener <covener@xxxxxxxxx> wrote:
> > BUT, HOW IS THE CLIENT ABLE TO DECRYPT THE DATA? (I have been running both
> > webdav server and client on the same machine; so it might very well
> > be the case that some info from "ssl.conf" and/or "httpd.conf" is being used
> > at the client side. However, I am just guessing ...
>
> Under SSL, the client and server negotiate a shared secret used to
> encrypt/decrypt the data.
>
> They can set this up securely because the client starts this process
> with info encrypted with the servers public key.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>


--
sctemme@xxxxxxxxxx            http://www.temme.net/sander/
PGP FP: FC5A 6FC6 2E25 2DFD 8007  EE23 9BB8 63B0 F51B B88A

View my availability: http://tungle.me/sctemme



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux