Authentication over ECDHE

Hello, people. I'm a beginner with OpenSSL and with cryptography in general, and have been wondering how to best implement an upcoming system.

I apologise in advance for any grammar or orthography mistakes, as English isn't my native language.

We have a local network with a database in which we do most of our processing, and a public machine that runs a webserver. Periodically we have to connect to that server and query new data to process it. The connection to that server is not necessarily trusted.

The problem is that our webserver is slow and clunky and generally just issues another process to deal with any request, which is unnecessary and slow. We want to streamline that process by having a local program run on the server sending a set of predefined queries over a predefined protocol, and then just send that data back to the client. However, only a select few machines are supposed to be able to get any data from the server, like, those who have a certain private key. If a client can sign a ping that can be decrypted with the client-side public key, and if the server can sign a ping that can be decrypted with the server's public key, then both sides are authenticated, and - from my limited understanding - a MITM scenario is foiled (unless the MITM manages to steal either private key, which is why I also want to have password protection for the key. I'm aware that putting the key into a program compromises the security of the key if an attacker manages to gain access to the server, but in this case it's just supposed to give us some time to stop the programs, close all holes, and generate new keys).

This sounds like a typical RSA scenario, however I also want to have forward security, which requires me to use something with temporary keys only - I have ECDHE in mind for that, ECDHE-RSA-AES128-GCM-SHA256 in particular. However, after some research I found out that the "RSA" in that cipher only refers to the temporary keys that are being generated for this connection, and thus authentication would have to be issued on top of TLS, not within the means of TLS itself.

And last, but not least, I've read about an attack a little while back in which some DH parameters (usually those with a size of 1024 bits) have become stale. If I want to have extra security,

Speed isn't an incredibly huge problem, as there will always be just one, at most two connections running with the server. As such, its design can be incredibly simple, and the connection can be more secure in terms of cryptography than default (4096 RSA keys and 2048 DH params wouldn't be an issue). I expect the bulk of the runtime to be spent on the database server side of things anyway.

I don't want to use certificates. Either a client/server has the necessary private keys to sign data, or the connection is simply refused. I also don't want to use any password, because that requires sharing a secret over a channel that is, at this point, still unverified.

My question is thus how to implement authentication over ECDHE in the best way. My searches for "openssl c sign data with private key" don't yield any usable results, which suggests that there is some sort of misunderstanding with the concept of "signing ping/pong with respective private keys". Are there any functions or further documentation to be of help here? Please keep in mind that all of this has been Greek to me until last Friday, and that I'm by no means a cryptography expert.

Thank you for your time and effort in advance.
--
openssl-users mailing list
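The signed ping/pong exchange the post describes, sketched as an added example using only Go's standard library (it is not OpenSSL code and not from the original post): each side signs a transcript that contains both nonces and both ephemeral ECDH public keys with its pinned long-term key, so the signature authenticates this particular key exchange rather than a bare, replayable "ping". The same structure maps onto OpenSSL's EVP_DigestSign/EVP_DigestVerify and EVP_PKEY_derive; the type and function names, the choice of P-256 for both keys, and running both sides in one process are assumptions made for the example.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Peer: a pinned long-term ECDSA signing key (standing in for the poster's RSA key) plus a fresh ECDH key and nonce per session.
type Peer struct {
	Identity  *ecdsa.PrivateKey
	Ephemeral *ecdh.PrivateKey
	Nonce     [32]byte
}

func NewPeer() (*Peer, error) {
	id, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	eph, err2 := ecdh.P256().GenerateKey(rand.Reader)
	p := &Peer{Identity: id, Ephemeral: eph}
	_, err3 := rand.Read(p.Nonce[:])
	return p, errors.Join(err, err2, err3)
}

// transcript hashes both nonces and both ephemeral public keys. Signing this, not a bare
// "ping", is what binds each identity to this particular key exchange (hypothetical layout).
func transcript(c, s *Peer) []byte {
	h := sha256.New()
	for _, b := range [][]byte{c.Nonce[:], s.Nonce[:], c.Ephemeral.PublicKey().Bytes(), s.Ephemeral.PublicKey().Bytes()} {
		h.Write(b)
	}
	return h.Sum(nil)
}

// Handshake runs both sides in-process. Each party signs the transcript with its long-term
// key and the other verifies it against a pinned public key (no certificates involved).
func Handshake(client, server *Peer, pinClient, pinServer *ecdsa.PublicKey) ([]byte, error) {
	tr := transcript(client, server)
	sSig, err := ecdsa.SignASN1(rand.Reader, server.Identity, tr)
	if err != nil || !ecdsa.VerifyASN1(pinServer, tr, sSig) {
		return nil, errors.New("server authentication failed")
	}
	cSig, err := ecdsa.SignASN1(rand.Reader, client.Identity, tr)
	if err != nil || !ecdsa.VerifyASN1(pinClient, tr, cSig) {
		return nil, errors.New("client authentication failed")
	}
	// Raw shared secret: run it through a KDF to derive session keys, never use it directly.
	return client.Ephemeral.ECDH(server.Ephemeral.PublicKey())
}
```

A peer that presents its own ephemeral key but whose identity key is not the pinned one fails verification, which is the check that stops a man in the middle from substituting its own key exchange.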