[Botan-devel] Quick Tutorial Question

Rachel Blackman seattlesparks at mac.com
Wed Oct 5 14:26:49 EDT 2005


> Yeah, I know.  To explain further, this isn't -- precisely -- a 
> session thing.  It's more like rapid-fire PGP messages; sending a 
> number of small, separate chunks of data encrypted with a known public 
> key to the holder of the private key.

Lemme try to put this more clearly, actually, since someone on the list 
might have a brilliant idea on a better way. :)

You have a server system that all these clients can connect to.  They 
each maintain a single TLS stream connection, and do not talk to other 
clients directly.  In addition to providing routing between the 
clients, the server stores the public key for each client; each client 
(obviously) holds onto its own private key.

If a client wants to send one of these short little messages to another 
client, it gets the public key for that client from the server (or may 
already have it cached).  It encrypts the message using the public key, 
and tosses it off to the server with some header information.  The 
server parses the header information, routes the message where it needs 
to go; the receiving client uses the private key to decode the payload 
of the packet and act on it accordingly.

Since the streams themselves are encrypted with TLS already, PK using 
RSA seemed a 'sufficient' solution.  It still bothers me a little that 
it's not the 'proper' solution, but...




More information about the botan-devel mailing list