Re: RSA Key Exchange

From: CJ Taylor ([cege])
Date: 04/20/04 

Date: Tue, 20 Apr 2004 10:27:39 -0500

Hey Bryan,

In what setting do you want to know how they are exchanged? It doesn't
really matter how if you think about it.

Let's take a simple example.

we have client A and Server B. Client A wants to communicate securely with
Server B, so it initiates a request saying "Hey... lets talk..." server
responds back, "ok."

At this point is where we can do key exchange, how we want to do it is up to
us, because after all, the only thing we are going to exchange between them
is the public keys (yeah, again, try to crack 128 bit RSA key... see ya in
a couple years).

So client A says "Hey, here's my public key, encrypt all packets coming out
with it."

Server says. "OK. I want the same. here's my public key, I'll go ahead and
encrypt it in your public key to make it even more secure" (this way only
one public key is ever known).

Now each one has a public key, so secured communications continue. each
packet is encrypted with the opposing public key and decrypted by the proper
public key, then communications end.

The point being, its pretty simple, you can set it up anyway you want to,
because all your doing is exchanging keys. This assumes you set up your own
client and server. Now, if your trying to interface with an applicatoin
already in existance (i.e. IIS/HTTPS) then the provider will have a format
they want the key sent in.

So, you need to go to them... Or you need to explain what application your
trying to start secure communications with... otherwise, source code is
useless, because what I just said is jsut one method of doing PKE

> Thanks Cor,
>
> I was hoping to find some code examples mostly regarding key exchange. I
> understand cryptography somewaht well and i know how public key exchanges
> work, i just cant figure out how to implement it.
>
> like i said, any code is appreciated.. thanks in advanced guys
>
> bryan
>
> "Cor Ligthert" <notfirstname@planet.nl> wrote in message
> news:ebTdmMqJEHA.1132@TK2MSFTNGP12.phx.gbl...
> > Hi Bryan,
> >
> > To come to the encription classes type as keyword "Rijndael" into the
MSDN
> > search box
> >
> > msdn.microsoft.com
> >
> > Than you find a bunch of samples.
> >
> > I hope this helps?
> >
> > Cor
> >
> >
>
>

Relevant Pages

  • Re: New Method for Authenticated Public Key Exchange without Digital Certificates
    ... so i ask to exchange keys with somebody ... ... while such a extended man-in-the-middle attack isn't impossible ... things that are the public key exchange ... ... so an ongoing man-in-the-middle substitution attack on typical PGP ...
    (sci.crypt)
  • Re: Key establishment question
    ... machines need to exchange two random numbers, e.g., R1, R2, if ... Diffie-Hellman is used. ... encrypt it with my private key. ... The fact that my public key decrypts ...
    (comp.security.misc)
  • Re: Reading encrypted mail?
    ... Exchange Reporting & Analysis: http://www.quest.com/messagestats/ ... There's a public key and private key involved ... ... >>> delegated mailbox access to read received encrypted messages in the ...
    (microsoft.public.exchange.admin)
  • Re: Need General Encryption Guidance
    ... >Exchange/Outlook seems to offer quite a bit of functionality. ... Exchange and Outlook only allow you to use a certificate to sign (or ... recipient must have your public key and they *should* trust your CA ... That expense ...
    (microsoft.public.exchange.admin)
  • How does this work?
    ... prevent man-in-middle attack to Diffie_hellman exchange by "Encrypt ... the Diffie_Hellman value with the other side's public key". ...
    (sci.crypt)