On 11/01/2018 10:35, Bharathi Prasad wrote:
Hello, I want to use static Diffie Hellman key exchange with RSA authentication (DH_RSA) in my application. I am currently using OpenSSL version 1.0.2n. I understand that from version 1.0.2 openSSL supports fixed DH. Here is what I have tried so far. Trial 1: I created DH server and client certificates as described in demo script in master branch demos/certs/mkcerts.sh. I need a certificate in PKCS12 file to import into my application. Since DH certificate do not have private key I used pkcs12 -nokeys option. This approach failed when I tried to read the certificate from my store.
DH certificates DO have an associated private key. A private DH key which will be the same for every connection (the matching public key is in the certificate).
Trial 2. I tried to set DH certificates with SSL_CTX_use_certificate_file() in the client and server applications. After loading the certificate into my ssl context what should I do? Trial 3. I came across some articles where it was suggested that for static DH key exchange append DH parameters to the server certificate. So I appended my DH parameters (2048 key size) to my server certificate and created a pkcs12 file. Import certificate worked however when I tried to read back the certificate from store into x509 object I was unable to retrieve the DH parameters. I could not find a way to retrieve my DH parameters from the server certificate.
Start by doing openssl x509 -noout -text -in serverDHcert.pem to see if they are there, and in what field. Then start looking for functions that retrieve that field from an X509 object. In 1.0.2 that might be a function or a "public" field in the X509 structure.
Trial 4: I placed DH parameter file in my project folder and read the parameters using PEM_read_DHparams(). Then I tried to create DH key with DH_generate_key(); I could not call DH_compute_key as I do not have peer certificate. This configuration is done before I call ssl_connect. So my SSL object is NULL at this point of time.
Only the TLS *server* would have a DH certificate. The TLS client would have a random DH private key for the parameters received from the TLS server, sending the single-use client DH public key to the TLS server. The TLS server would combine it's private DH server key with the received client DH public key in DH_compute_key() called from inside the TLS code. The TLS client would combine it's random DH private key with the public DH server key from the received server certificate in a similar way to get the same shared secret and thus the same shared TLS master secret.
After this I do not know how to proceed. I cannot use SSL_CTX_set_tmp_dh as this api is used for ephemeral Diffie Hellman key exchange. Please let me know where I am going wrong. I need to enable static DH in my application.
Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
