[Botan-devel] Quick Tutorial Question
seattlesparks at mac.com
Wed Oct 5 14:26:49 EDT 2005
> Yeah, I know. To explain further, this isn't -- precisely -- a
> session thing. It's more like rapid-fire PGP messages; sending a
> number of small, separate chunks of data encrypted with a known public
> key to the holder of the private key.
Lemme try to put this more clearly, actually, since someone on the list
might have a brilliant idea on a better way. :)
You have a server system that all these clients can connect to. They
each maintain a single TLS stream connection, and do not talk to other
clients directly. In addition to providing routing between the
clients, the server stores the public key for each client; each client
(obviously) holds onto its own private key.
If a client wants to send one of these short little messages to another
client, it gets the public key for that client from the server (or may
already have it cached). It encrypts the message using the public key,
and tosses it off to the server with some header information. The
server parses the header information, routes the message where it needs
to go; the receiving client uses the private key to decode the payload
of the packet and act on it accordingly.
Since the streams themselves are encrypted with TLS already, PK using
RSA seemed a 'sufficient' solution. It still bothers me a little that
it's not the 'proper' solution, but...
More information about the botan-devel