Re: [DotGNU]Encryption protocols
From: Chris Smith
Subject: Re: [DotGNU]Encryption protocols
Date: Mon, 10 Mar 2003 11:57:55 +0000
User-agent: KMail/1.4.3

Okay. I've been doing a lot with openssl with the dgee stuff (actually it's
part of Goldwater and is required where you want to encrypt data passing
between distributed Goldwater (dgee) nodes).

Norbert and I have discussed OpenSSL and GnuPGP at great length in terms of
licensing (as openssl isn't gpl, but fairly compatible). The solution that
came up was to use 'a crypt toolkit' but not specifically openssl or
gnupgp.... OpenSSL would be the preferred option IMO as it's so well respected
and trusted, but GNUPgp should be the default at compile time as it's GPL...
(I'd want to use openssl every time though TBH :o)

If you're going to use openssl/gnupgp from C# within pnet I'd suggest using
the InternalCall mechanism to bind to a C abstraction layer that hides the
differences between openssl and other toolkits. Doing it this way means that
any code running within ILEngine has access to the crypt primitives,
regardless of the language they're written in.

I agree with Rhys though, you don't really need to implement your own security
algorithm using combinations of encryption types as SSL/TLS will surely do
everything you want, as long as you're encrypting a network link. If you
need to encrypt a block of data, and then transmit it using a variety of
methods, including storing it on disc for instance, then you need to do the
encryption yourself.

99% of the time you need to protect your network channel. You'll need no more
than SSL/TLS for this - and if you use session resumption the (slow) startup
handshakes can be avoided.

If SSL/TLS doesn't fit the job I'd be asking 'Why?'. They are rare, but do
happen and you may have one of those, but I'd be suspicious.

Cheers,
Chris 'Happy to discuss SSL at any Time :o)'

On Sunday 09 Mar 2003 09:19, Peter Minten wrote:
> Hi folks,
>
> I promised on IRC yesterday to look into openssl and which parts of it are
> useful to DotGNU. A quick look revealed that 2 protocols might be very
> useful: RSA and blowfish. RSA is good for the authentication (since it uses
> public and private keys) and blowfish is good for the encryption of
> communication.
>
> It would work like this: you authenticate with the slow RSA protocol, at
> the end of the authentication you get a blowfish key and that's used for
> encryption of the communication of this session (since blowfish is a lot
> faster than RSA the change is worthwhile).
>
> Greetings,
>
> Peter
>
> PS: Interesting in this context is this article:
> http://tldp.org/LDP/LG/current/vinayak.html .
--
Chris Smith
Technical Architect - netFluid Technology Ltd.
"Internet Technologies, Distributed Systems and Tuxedo Consultancy"
E: address@hidden W: http://www.nfluid.co.uk