[openssl-users] Authentication over ECDHE
c.wehrmeyer at freshlions.de
Mon Dec 24 11:51:17 UTC 2018
Hello, people. I'm a beginner with OpenSSL and with cryptography in
general, and have been wondering how to best implement an upcoming system.
I apologise in advance for any grammar or orthography mistakes, as
English isn't my native language.
We have a local network with a databse in which we do most of our
processing, and a public machine that runs a webserver. Periodically we
have to connect to that server and query new data to process it. The
connection to that server is not necessarily trusted.
The problem is that our webserver is slow and clunky and generally just
issues another process to deal with any request, which is unnecessary
and slow. We want to streamline that process by having a local program
run on the server sending a set of predefined queries over a predefined
protocol, and then just sent that data back to the client. However, only
a select few machines are supposed to be able to get any data from the
server, like, those who have a certain private key. If a client can sign
a ping that can be decrypted with the client side public key, and if the
server can sign a ping that can be decrypted with the servers public
key, then both sides are authenticated, and - from my limited understand
- a MITM scenario is foiled (unless the MITM manages to steal either
private key, which is why I also want to have password protection for
the key. I'm away that putting the key into a program compromises the
security of the key if an attacker manages to gain access to the server,
but in this case it's just supposed to give us some time to stop the
programs, close all holes, and generate new keys).
This sounds like a typical RSA scenario, however I also want to have
forward security, which requires me to use something with temporary keys
only - I'm having ECDHE in mind for that, ECDHE-RSA-AES128-GCM-SHA256 in
particular. However, after some research I found out that the "RSA" in
that cipher only refers to the temporary keys that are being generated
for this connection, and thus authentication would have to be issued on
top of TLS, not within the means of TLS itself.
And last, but not least I've read about an attack a little while back
how some DH parameters (usually those with a size of 1024 bits) have
become stale. If I want to have extra security,
Speed isn't an incredible huge problem, as there will always be just
one, at most two connections running with the server. As such its design
can be incredible simple, and the connection can be more secure in terms
of cryptography than default (4096 RSA keys and 2048 DH params wouldn't
be an issue). I expect the bulk of the runtime to be spent on the
database server side of things anyway.
I don't want to use certificates. Either a client/server has the
necessary private keys to sign data, or the connection is simply
refused. I also don't want to use any password, because that requires to
share a secret over a to this moment still unverified channel.
My question is thusly how to implement authentication over ECDHE in the
best way. My searches for "openssl c sign data with private key" doesn't
yield any usable results, which suggests that there is some sort of
misunderstanding with the concept of "signing ping/pong with respective
private keys". Are there any functions or further documentation to be of
help here? Please keep in mind that all of this has been Greek to me
until last Friday, and that I'm by no way a cryptography expert.
Thank you for your time and effort in advance.
More information about the openssl-users