Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: SSL/TLS uses the public key to encrypt data ?
Operating Systems Linux SSL/TLS uses the public key to encrypt data ? Post 302495216 by DGPickett on Wednesday 9th of February 2011 04:45:36 PM
Old 02-09-2011
SSL uses the PPK and diffie-hellman to share a random session key, and then uses that to encrypt the session. (You thought it would be simple?) This reduces the exposure of the PPK. The session key can be regenerated at intervals, reducing its exposure.

The digital signature, chain of trust from certificate to certificate on PPK is to ensure you have the true correspondent, not some hacker who has rerouted your connection.

I just use it and trust, but this helps explain the slow start and the advantages of HTTP/1.1 persistent on https.
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Secure ftp using ssl/tls

We have a requirement to setup secure ftp between our AIX v5.3 system and our mainframe. We don't want to use openssh with sftp and scp. Our mainframe uses ftp over ssl/tls so we have to use this on our AIX box. We have openssl on our AIX system but I'm not sure how to setup ssl/tls over ftp on... (4 Replies)
Discussion started by: DANNYC
4 Replies

2. UNIX for Dummies Questions & Answers

SSL Public key/Private question

Hi everyone, I have a quick/newb question: I know that a public key is used to encrypt data and a private key is used to decrypt data but who keeps the public/private keys?? Does the Web Server hold both? Does the Web Server have the public key and does the client have the private key? ... (3 Replies)
Discussion started by: tical00
3 Replies

3. Cybersecurity

TLS/SSL vulnerability explained

Here's a pretty good, and even PHB-compatible, explanation of the current TLS/SSl protocol vulnerability, including samples. (0 Replies)
Discussion started by: pludi
0 Replies

4. UNIX for Dummies Questions & Answers

TLS/SSL Openldap Centos 5.5

hi guys I configured my openldap but now I want to implement SSL-TLS This is my basic slapd.conf configuration include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include ... (2 Replies)
Discussion started by: karlochacon
2 Replies

5. Solaris

Solaris 8 ssh public key authentication issue - Server refused our key

Hi, I've used the following way to set ssh public key authentication and it is working fine on Solaris 10, RedHat Linux and SuSE Linux servers without any problem. But I got error 'Server refused our key' on Solaris 8 system. Solaris 8 uses SSH2 too. Why? Please help. Thanks. ... (1 Reply)
Discussion started by: aixlover
1 Replies

6. Red Hat

HOW TO DISABLE SSL/TLS RENEGOTIATION?

Hi guys, Those who work on Apache may help me on this. I have following problem Description: The remote service encrypts traffic using TLS / SSL and permits clients to renegotiate connections. The computational requirements for renegotiating a connection are asymmetrical between the... (3 Replies)
Discussion started by: manalisharmabe
3 Replies

7. UNIX for Advanced & Expert Users

ldap over tls -- ssl cert help

Hey Guys, I am trying to setup ldap over tls in our lab. I am generating a self signed cert on the ldap server and importing that into the ldap system so it will use ldap over port 636. The clients will be a mix of solaris and redhat. I am lost on what I need to do on the client side to get... (0 Replies)
Discussion started by: s ladd
0 Replies

8. Shell Programming and Scripting

SSH shell script to access FTP over explicit TLS/SSL

Hello, I use the following SSH script to upload *.jpg files via FTP: #!/usr/bin/expect set timeout -1 spawn ftp -v -i expect "" send "\r" expect "Password:" send "\r" expect "ftp>" send "mput *.jpg\r" expect "ftp>" send "quit\r" replaced with actual ftp server/account data. ... (5 Replies)
Discussion started by: mrpi007
5 Replies

9. UNIX for Advanced & Expert Users

SSL/TLS with openldap

Hello to all, I'm beguinner in Linux instalations and I'm trying to Communicate from Web Sites that i have running under apache with openLDAP for users authentication using SSL mediation that seems to be connected with LDAPS. Can someone advise me how to do this, I have already installed... (1 Reply)
Discussion started by: CPMarco
1 Replies

LEARN ABOUT CENTOS

rsa_private_decrypt

RSA_public_encrypt(3)						      OpenSSL						     RSA_public_encrypt(3)

NAME

       RSA_public_encrypt, RSA_private_decrypt - RSA public key cryptography

SYNOPSIS

	#include <openssl/rsa.h>

	int RSA_public_encrypt(int flen, unsigned char *from,
	   unsigned char *to, RSA *rsa, int padding);

	int RSA_private_decrypt(int flen, unsigned char *from,
	    unsigned char *to, RSA *rsa, int padding);

DESCRIPTION

       RSA_public_encrypt() encrypts the flen bytes at from (usually a session key) using the public key rsa and stores the ciphertext in to. to
       must point to RSA_size(rsa) bytes of memory.

       padding denotes one of the following modes:

       RSA_PKCS1_PADDING
	   PKCS #1 v1.5 padding. This currently is the most widely used mode.

       RSA_PKCS1_OAEP_PADDING
	   EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1 and an empty encoding parameter. This mode is recommended for all new
	   applications.

       RSA_SSLV23_PADDING
	   PKCS #1 v1.5 padding with an SSL-specific modification that denotes that the server is SSL3 capable.

       RSA_NO_PADDING
	   Raw RSA encryption. This mode should only be used to implement cryptographically sound padding modes in the application code.
	   Encrypting user data directly with RSA is insecure.

       flen must be less than RSA_size(rsa) - 11 for the PKCS #1 v1.5 based padding modes, less than RSA_size(rsa) - 41 for RSA_PKCS1_OAEP_PADDING
       and exactly RSA_size(rsa) for RSA_NO_PADDING.  The random number generator must be seeded prior to calling RSA_public_encrypt().

       RSA_private_decrypt() decrypts the flen bytes at from using the private key rsa and stores the plaintext in to. to must point to a memory
       section large enough to hold the decrypted data (which is smaller than RSA_size(rsa)). padding is the padding mode that was used to encrypt
       the data.

RETURN VALUES

       RSA_public_encrypt() returns the size of the encrypted data (i.e., RSA_size(rsa)). RSA_private_decrypt() returns the size of the recovered
       plaintext.

       On error, -1 is returned; the error codes can be obtained by ERR_get_error(3).

CONFORMING TO

       SSL, PKCS #1 v2.0

SEE ALSO

       ERR_get_error(3), rand(3), rsa(3), RSA_size(3)

HISTORY

       The padding argument was added in SSLeay 0.8. RSA_NO_PADDING is available since SSLeay 0.9.0, OAEP was added in OpenSSL 0.9.2b.

1.0.1e								    2013-02-11						     RSA_public_encrypt(3)
All times are GMT -4. The time now is 05:52 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy