May 30, 2007, 12:03 pm
I need to send UDP datagrams from numerous client machines
in signed+encrypted form. Original messages are text lines,
from 50 to 1800 characters long,
1 to 100 messages per second per client.
1. Asymmetric. Generate two RSA keypairs per client,
sign with private A, encrypt with public B, base64, send.
This is a well tested solution, no performance issues.
Main difficulty is key management. Key is 2048 long,
all datagrams are 2048 long, no matter how long
original messages are. Good obscurity :-)
2. Symmetric proprietary format.
For every message:
Sign with private A.
Generate random password, encrypt the payload with it.
Encrypt this password with public B, prepend to payload.
Also a tested solution. Disadvantage is key management
and proprietary message format.
3. Send a message as a pkcs#7 token.
Lots of advantages, as we have pkcs#7 capable HSM
on datagram collection server, and the relevant CA can
be used for certificate management on the clients.
Question is, can I generate pkcs#7 from cleartext + (PEM keys or
Or do I totally misunderstand the whole idea?
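
Added example, not part of the original post: option 3 done with the openssl command line, signing a cleartext line with PEM key A and enveloping it for certificate B as a DER PKCS#7 token, then opening it on the receiving side. The self-signed certificates, the names client-a and server-b, and the file-based server key (standing in for the HSM and CA the post mentions) are assumptions for the demo.

```shell
#!/bin/sh
# Added example: sign-then-envelope one text line as a PKCS#7 token (openssl CLI).
set -eu
WORK=$(mktemp -d)   # scratch directory for constructed demo keys

# Throwaway self-signed certificates stand in for CA-issued ones (assumption).
make_cert() {   # $1 = certificate name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Client: sign with the named key, then encrypt to server-b's certificate.
# -nodetach embeds the content; -nocerts leaves the signer cert out to save bytes;
# -binary stops CRLF rewriting, which would corrupt the inner DER.
p7_seal() {     # $1 = signer name, $2 = cleartext file, $3 = token out (DER)
  openssl smime -sign -binary -nodetach -nocerts -in "$2" -outform DER \
    -signer "$WORK/$1.crt" -inkey "$WORK/$1.key" -out "$WORK/signed.der" &&
  openssl smime -encrypt -binary -aes256 -in "$WORK/signed.der" \
    -outform DER -out "$3" "$WORK/server-b.crt"
}

# Server: decrypt with server-b's key, then require a valid client-a signature.
p7_open() {     # $1 = token (DER), $2 = recovered cleartext out
  openssl smime -decrypt -inform DER -in "$1" -recip "$WORK/server-b.crt" \
    -inkey "$WORK/server-b.key" -out "$WORK/inner.der" 2>/dev/null &&
  openssl smime -verify -inform DER -in "$WORK/inner.der" -out "$2" \
    -certfile "$WORK/client-a.crt" -CAfile "$WORK/client-a.crt" 2>/dev/null
}

token_size() { wc -c < "$1" | tr -d ' '; }

make_cert client-a
make_cert server-b
# Constructed sample: the longest message the post mentions, 1800 characters.
awk 'BEGIN { for (i = 0; i < 1800; i++) printf "x"; print "" }' > "$WORK/msg.txt"
p7_seal client-a "$WORK/msg.txt" "$WORK/token.der"
p7_open "$WORK/token.der" "$WORK/out.txt"
cmp -s "$WORK/msg.txt" "$WORK/out.txt" && echo "round trip ok"
echo "token bytes: $(token_size "$WORK/token.der") (UDP payload limit 65507)"
```

The token is always larger than the cleartext, so an 1800-character message already exceeds a typical 1500-byte Ethernet MTU and the datagram will be fragmented at the IP layer.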