Hi all,

I guess this might have been posted somewhere, I did search, but couldn't find anything.

I have this server on which I run a game server, and where I want to have some TCP server (possibly written in Ruby) that will provide a pseudo-session with a few commands available (like restart the game server, send the logs, etc.)

What I want is an SSH-like authentication, where people have public & private DSA keys (which I know how to generate), and the public key is recognized by the server as correct authentication.

I am not looking for a code implementation, but mainly how this should be architected.

What I was thinking was something like:

  • [Client] Connect to the server
  • [Server] Send public key
  • [Client] Send public key encoded with server's public key
  • [Server] Compare the key with a database of authorized clients
  • [Server] Generate session key, send it encrypted with client pub
  • [Client] Decode the session key and start sending messages, always accompanied by the session key

But I feel like this is missing something. Especially, when looking at DSA and PK systems, I keep seeing message signing, and I'm not sure I understand how different it is from using public keys to encrypt the session key?

If my question is not clear, I'd be glad to edit my post of course :-).
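
The distinction the question circles around, as an added example that is not part of the original post: a signature is made with the private key and checked with the public key (proof that the client holds the private key), while encryption goes the other way (anyone with the public key can wrap a secret that only the private key can unwrap). The sketch below recasts the proposed steps that way in Ruby, with in-process method calls standing in for the TCP exchange. Everything here is constructed: the names `AdminServer`, `AdminClient`, "alice" and "mallory" are hypothetical, RSA keys stand in for the poster's DSA keys (DSA offers the same `sign`/`verify` calls but no encryption, so the key-wrapping step would need another mechanism), and no transport or server identity check is modelled, which is part of why the answers steer toward TLS.

```ruby
require "openssl"
require "securerandom"

# Constant-time comparison so tag checking does not leak how many bytes matched.
def same_bytes?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

class AdminServer
  def initialize(authorized)          # name => public key (only the public half is stored)
    @authorized = authorized
    @pending = {}                     # outstanding challenges: nonce => name
    @sessions = {}                    # session_id => { name:, key:, counter: }
  end

  # Step 1: hand out a fresh random challenge for a known client name.
  def challenge(name)
    raise "unknown client #{name}" unless @authorized.key?(name)
    nonce = SecureRandom.bytes(32)
    @pending[nonce] = name
    nonce
  end

  # Step 2: a valid signature over the nonce proves possession of the private key.
  # The stored public key only *verifies* here. On success the session key is
  # *encrypted* to that same public key, so only the private-key holder can unwrap it.
  def authenticate(nonce, signature)
    name = @pending.delete(nonce) or return nil
    pub = @authorized[name]
    return nil unless pub.verify("SHA256", signature, "auth:" + nonce)
    session_id = SecureRandom.hex(8)
    key = SecureRandom.bytes(32)
    @sessions[session_id] = { name: name, key: key, counter: 0 }
    [session_id, pub.public_encrypt(key, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)]
  end

  # Step 3: a command is accepted only with a correct HMAC over (session, counter,
  # command) and a strictly increasing counter, which rejects tampering and replay.
  def handle(session_id, counter, command, tag)
    s = @sessions[session_id] or return "DENIED: no session"
    expected = OpenSSL::HMAC.digest("SHA256", s[:key], "#{session_id}|#{counter}|#{command}")
    return "DENIED: bad tag" unless same_bytes?(expected, tag)
    return "DENIED: replay" unless counter > s[:counter]
    s[:counter] = counter
    "OK #{command} by #{s[:name]}"
  end
end

class AdminClient
  def initialize(name, private_key)
    @name, @priv, @counter = name, private_key, 0
  end

  def login(server)
    nonce = server.challenge(@name)
    signature = @priv.sign("SHA256", "auth:" + nonce)       # private key signs
    @session_id, wrapped = server.authenticate(nonce, signature)
    raise "authentication failed" unless @session_id
    @key = @priv.private_decrypt(wrapped, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
  end

  # Build one authenticated command; the session key stays on both ends, never on the wire.
  def build(command)
    @counter += 1
    tag = OpenSSL::HMAC.digest("SHA256", @key, "#{@session_id}|#{@counter}|#{command}")
    [@session_id, @counter, command, tag]
  end
end

# Constructed walk-through: one legitimate client, one impostor with a different key.
def demo
  alice_key   = OpenSSL::PKey::RSA.generate(2048)
  mallory_key = OpenSSL::PKey::RSA.generate(2048)
  server = AdminServer.new("alice" => alice_key.public_key)

  alice = AdminClient.new("alice", alice_key)
  alice.login(server)
  msg = alice.build("restart")
  out = { first: server.handle(*msg), replay: server.handle(*msg) }
  forged = msg.dup
  forged[2] = "send-logs"              # altered command, original tag
  out[:tampered] = server.handle(*forged)
  out[:impostor] = begin
    AdminClient.new("alice", mallory_key).login(server)
    "logged in"
  rescue RuntimeError => e
    e.message
  end
  out
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

Running `demo` accepts the first "restart", refuses the replayed copy and the altered command, and rejects the impostor at the signature check, which is the difference between "send the session key with each message" and "authenticate each message with the session key".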

+1  A: 

If you want an SSL-like implementation, then why not just use SSL?

Zimm3r
That's correct. Thanks for the better advice :-)
naixn
+2  A: 

Instead of SSH-like, why not use SSH? Or use SSL, which has nearly ubiquitous library support for any platform?

First, it's easier. The code is written, tested, reviewed, and maintained.

Second, it's safer. If you don't understand why messages need to be signed, what else might you be overlooking? Honestly, even TLS (SSL), which has had a lot of scrutiny, had a serious flaw in the renegotiation bug that was recently publicized. Even when you know what you are doing, designing a secure protocol is hard.

By the way, SSH and SSL compute a message authentication code for every protocol record so that a man-in-the-middle cannot tamper with the message content.

erickson
SSH is out of the question, I do not want them to have real shell access to the machine. However, I totally understand the point about SSL. For some reason I thought that was not exactly that. In fact, I didn't know X.509 certificates could play the role of a PK system. I will then look into that, thanks for directing me in a better direction!
naixn
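
What the answer and the follow-up comment point at, as an added example that is neither the answer's nor the poster's code: Ruby's bundled OpenSSL binding already does public-key client login as mutual TLS, with the per-record MAC and server authentication thrown in. A private CA issues one certificate per client, the server demands a client certificate during the handshake, and authorization is keyed on the certificate's CN against an allowlist. The CA name, server name, "alice"/"bob" and the command allowlist are constructed; `make_cert` and `run_session` are helpers written for this example, and the exchange runs over an in-process socket pair so it needs no network.

```ruby
require "openssl"
require "socket"

# Issue a certificate for +name+; self-signed when no issuer is given (the CA).
def make_cert(name, issuer: nil, ca: false)
  key  = OpenSSL::PKey::RSA.generate(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = OpenSSL::BN.rand(64)
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{name}")
  cert.issuer     = issuer ? issuer[:cert].subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate  = issuer ? issuer[:cert] : cert
  if ca
    cert.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true))
    cert.add_extension(ef.create_extension("keyUsage", "keyCertSign,cRLSign", true))
  else
    cert.add_extension(ef.create_extension("basicConstraints", "CA:FALSE", true))
    cert.add_extension(ef.create_extension("keyUsage", "digitalSignature,keyEncipherment", true))
  end
  cert.sign(issuer ? issuer[:key] : key, OpenSSL::Digest.new("SHA256"))
  { key: key, cert: cert }
end

# One client/server exchange over an in-process socket pair. Returns the server's
# decision as a string, or :handshake_failed when TLS itself rejected the client.
def run_session(allowlist, client_name, command, present_cert: true)
  ca     = make_cert("GameAdminCA", ca: true)
  server = make_cert("game-admin-server", issuer: ca)
  client = make_cert(client_name, issuer: ca)

  store = OpenSSL::X509::Store.new
  store.add_cert(ca[:cert])                 # trust only our own CA, not the system bundle

  sctx = OpenSSL::SSL::SSLContext.new
  sctx.cert, sctx.key = server[:cert], server[:key]
  sctx.cert_store  = store
  sctx.min_version = OpenSSL::SSL::TLS1_2_VERSION
  # Require a client certificate and fail the handshake when none is presented.
  sctx.verify_mode = OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT

  cctx = OpenSSL::SSL::SSLContext.new
  if present_cert
    cctx.cert, cctx.key = client[:cert], client[:key]
  end
  cctx.cert_store      = store
  cctx.verify_mode     = OpenSSL::SSL::VERIFY_PEER   # the client authenticates the server too
  cctx.verify_hostname = true

  srv_io, cli_io = Socket.pair(:UNIX, :STREAM, 0)
  server_thread = Thread.new do
    begin
      ssl = OpenSSL::SSL::SSLSocket.new(srv_io, sctx)
      ssl.accept                              # chain to our CA is checked here
      cn  = ssl.peer_cert.subject.to_a.assoc("CN")[1]
      cmd = ssl.gets.to_s.strip
      reply = allowlist.fetch(cn, []).include?(cmd) ? "OK #{cmd} (#{cn})" : "DENIED"
      ssl.puts(reply)
      ssl.close
      reply
    rescue OpenSSL::SSL::SSLError
      :handshake_failed
    end
  end

  begin
    ssl = OpenSSL::SSL::SSLSocket.new(cli_io, cctx)
    ssl.hostname = "game-admin-server"       # must match the server certificate's CN
    ssl.connect
    ssl.puts(command)
    ssl.gets
    ssl.close
  rescue OpenSSL::SSL::SSLError, SystemCallError, IOError
    cli_io.close                             # the server thread reports the outcome
  end
  server_thread.value
ensure
  srv_io&.close
  cli_io&.close
end

ALLOWLIST = { "alice" => %w[restart send-logs] }   # constructed: who may run what

puts run_session(ALLOWLIST, "alice", "restart") if $PROGRAM_NAME == __FILE__
```

An unknown but validly issued client ("bob") gets past the handshake and is refused by the allowlist, while a client with no certificate never reaches the command stage; revoking access is then a matter of removing a CN from the allowlist or not renewing the certificate, with no session-key protocol to maintain.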
+2  A: 

If you do choose to go the route of implementing your own layer of security (which is sometimes the right answer), there are a lot of subtleties to be aware of. Start by reading what I consider the definitive tome on the topic:

Bruce Schneier's Applied Cryptography

Kaelin Colclasure