Posted by on May 30, 2007, 8:03 am
Hello All,
I need to send UDP datagrams from numerous client machines
in signed+encrypted form. Original messages are text lines,
from 50 to 1800 characters long,
1 to 100 messages per second per client.
Options are:
1. Asymmetric. Generate two RSA keypairs per client,
sign with private A, encrypt with public B, base64, send.
This is a well tested solution, no performance issues.
Main difficulty is key management. Key is 2048 long,
all datagrams are 2048 long, no matter how long
original messages are. Good obscurity :-)
2. Symmetric proprietary format.
For every message:
Sign with private A.
Generate random password, encrypt the payload with it.
Encrypt this password with public B, prepend to payload.
Also a tested solution. Disadvantage is key management
and proprietary message format.
3. Send a message as a pkcs#7 token.
Lots of advantages, as we have pkcs#7 capable HSM
on datagram collection server, and the relevant CA can
be used for certificate management on the clients.
Question is, can I generate pkcs#7 from cleartext + (PEM keys or
certificates)?
How?
Or do I totally misunderstand the whole idea?
Thanks,
Andrei
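
Option 2 from the post (sign with private A, encrypt the payload under a random per-message key, wrap that key with public B and prepend it), written out as an added Go example that is not part of the original post. It assumes RSA-PSS, RSA-OAEP and AES-256-GCM as the primitives and the layout wrapped key || ciphertext; the names `Seal` and `Open` are hypothetical.

```go
package main // added example: primitives, layout and the Seal/Open names are assumptions

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Seal signs msg with A, encrypts msg||sig under a one-time key (so the zero nonce is safe), wraps the key for B.
func Seal(a *rsa.PrivateKey, b *rsa.PublicKey, msg []byte) ([]byte, error) {
	h, key := sha256.Sum256(msg), make([]byte, 32)
	sig, e1 := rsa.SignPSS(rand.Reader, a, crypto.SHA256, h[:], nil)
	_, e2 := rand.Read(key)
	wrapped, e3 := rsa.EncryptOAEP(sha256.New(), rand.Reader, b, key, nil)
	if e1 != nil || e2 != nil || e3 != nil {
		return nil, errors.New("seal: sign, key generation or key wrap failed")
	}
	blk, _ := aes.NewCipher(key) // cannot fail: key is always 32 bytes
	g, _ := cipher.NewGCM(blk)
	return g.Seal(wrapped, make([]byte, g.NonceSize()), append(append([]byte{}, msg...), sig...), nil), nil
}

// Open unwraps the key with B, decrypts, and returns msg only if A's signature over it verifies.
func Open(b *rsa.PrivateKey, a *rsa.PublicKey, d []byte) ([]byte, error) {
	w, s := b.Size(), a.Size()
	if len(d) < w+s+16 { // wrapped key + signature + GCM tag
		return nil, errors.New("datagram too short")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, b, d[:w], nil)
	if err != nil || len(key) != 32 {
		return nil, errors.New("key unwrap failed")
	}
	blk, _ := aes.NewCipher(key) // cannot fail: length checked above
	g, _ := cipher.NewGCM(blk)
	pt, err := g.Open(nil, make([]byte, g.NonceSize()), d[w:], nil)
	if err != nil {
		return nil, err
	}
	h := sha256.Sum256(pt[:len(pt)-s])
	if err := rsa.VerifyPSS(a, crypto.SHA256, h[:], pt[len(pt)-s:], nil); err != nil {
		return nil, err
	}
	return pt[:len(pt)-s], nil
}

func main() {} // nothing to run by itself: call Seal on the client, Open on the server
```

With 2048-bit keys the fixed overhead is 528 bytes (256 wrapped key, 256 signature, 16 GCM tag), so an 1800-character message becomes a 2328-byte datagram, which exceeds a 1500-byte Ethernet MTU and will be IP-fragmented.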