c++ - Boost.Asio: Writing a SSL Server/Client Too many file types -

-

i want make simple ssl server/client couple using boost.asio. before doing have read ssl, certificates, private keys, public keys etc. used openssl generate private key (.key) , certificate (.crt). certificate self-signed.

then, started digging boost.asio samples. first tried write client. in sample verify file *.pem file. had no idea was. after searching little (googling "how convert crt pem" etc.) got .crt file .pem file since starts -----begin , encoded in base64.

so have done writing client , using .crt file argument of ctx.load_verify_file(). appropriate practice?

to test client, have started writing server. have 3 kinds of files, 2 of them not familiar. are:

  • certificate chain file
  • private key file (the 1 familiar)
  • temporary dh file

in example private key file *.pem file, private key file *.key file. confused. need make conversion?

so explain me:

  • what *.pem file? how can represent private key verification?
  • what certificate chain file?
  • what temporary dh file?

pem file

a pem file (x.509) specifies format representing public certificate, certificate chain, public key, etc. in text format. can have various extensions (.cert, .key, .pem, etc). each item base64 encoded between header , footer:

-----begin <item type>----- item data -----end <item type>-----

for instance, boost.asio ssl example's server.pem file contains:

-----begin certificate----- miib/jccawcccqdladuqor8yctanbgkqhkig9w0baqufada7mqswcqydvqqgewjb vtemmaoga1uecbmdtlnxmq8wdqydvqqhewztewruzxkxdtalbgnvbaotbgfzaw8w ... more lines ... wub94g/gtst9ecvhrkuubn4xt1rz5do20h3vsaztirksfqpdwunybbiva0hsf6pf 287ca1cm106x0vs4dv2f2u0zsszyfoysam1pipcxdyboxa== -----end certificate----- -----begin rsa private key----- proc-type: 4,encrypted dek-info: des-ede3-cbc,9a7cf9c13224c492  w00sj2/d79lri+9lrsnqkbzwio/nbprftn3svqcuatncqowl9bnkznq2csnj8kza stal+pzayjqtijfjxecckb8tu4/apfe2v9/pxuirjzgtj9fhbajlgmpk4ywwscmq ... more lines ... g+psovlngcnfh+z4no5cb4mvntrr1nah6ifhnlrip4yfrk3xphvlkrxn6fheedge evb3xjcgsgnvqcvf5vsymzwz722xglpkk8ig3qlayom4c9rlrkmwwa== -----end rsa private key----- -----begin certificate----- miib7tccavyccqcxkhauh1ygcdanbgkqhkig9w0baqufada7mqswcqydvqqgewjb vtemmaoga1uecbmdtlnxmq8wdqydvqqhewztewruzxkxdtalbgnvbaotbgfzaw8w ... more lines ... mqk2weh6dvq1r7fwqeq1lq10qbdobbjdre9jpezwdgmthbytle6/8whujeq189pr xwzwyrvnfci+pqx832ynrh24ujwuv3wlx3jovbyybcojc05n1thaho0q7j//8hsx vs/rfhuq3muy47cv9gbsciw= -----end certificate-----

do note there other ways present certificates, such pkcs#7 , pkcs#12.

certificate chain

a certificate chain chain of certificates 1 steps through start end until certificate explicitly trusted trusted certificate authority (ca) found.

  • the start of chain contains end-user certificate. certificate issued server connection being made. trusted or intermediate ca may have issued certificate.
  • there may many intermediate certificates between start , end of chain. these issued intermediate ca, , issued either different intermediate ca or trusted ca.
  • the end of chain contains root certificate. issued trusted ca itself. certificates trusted cas distributed web browsers , operating systems.

for example, consider if example.com has been issued certificate alpha intermediate ca; alpha has been issued certificate bravo intermediate ca; , bravo has been issued certificate trusted charlie ca, certificate has been distributed web browser package. example, verification is:

  1. does end-user example.com certificate have alpha issuer?
  2. does example.com certificate verify alpha's key?
  3. does intermediate certificate alpha have bravo issuer?
  4. does alpha's certificate verify bravo's key?
  5. does intermediate certificate bravo have charlie issuer?
  6. does bravo certificate charlie's key?
  7. does root certificate charlie have charlie issuer?
  8. does provided charlie certificate verify against charlie certificate has been installed on system trusted ca?

dh file

the dh file contains initialization values diffie-hellman key exchange, algorithm exchanging keys on public channel while providing perfect forward secrecy. algorithm enables 2 parties generate shared key while minimizing change observer, sees entire exchange, generate same key. parameter generation can expensive, done once in advance , reused multiple key exchanges.

see openssl diffie hellman entry more details.


Comments

Post a Comment

Popular posts from this blog

php - Admin SDK -- get information about the group -

-
please, help. https://www.googleapis.com/admin/directory/v1/groups/106274944935548788283 sending request obtain information group id 1062 ... here link method in google https://developers.google.com/admin-sdk/directory/v1/guides/manage-groups#get_group in response error - 401 unauthorized. oauth authenticate via user has received rights necessary request, included in console admin sdk. authorization successful, there token. not can not understand. if not hard - response. requested information: file_get_contents("https://www.googleapis.com/admin/directory/v1/groups/1062749‌​44935548788283?key=aizasybruhiomdf9nlx9lx3imxwesqmcrnhh4l4"); id group - "106274944935548788283" key applications in case - "aizasybruhiomdf9nlx9lx3imxwesqmcrnhh4l4" error: failed open stream: http request failed! http/1.0 401 unauthorized
Read more

dns - How To Use Custom Nameserver On Free Cloudflare? -

-
i have problem. i own small hosting company. trying add cloudflare site free cdn. problem when sign have change nameservers nameservers. have nameserver dns set through godaddy, how add them cloudflare? main site uses company's nameservers whenever add them site goes offline. when go cloudflare's dns records click on dropdown, click ns, , there's 2 boxes 'name' , 'nameserver'. mean input 'ns1' 'name' , 'ns1.domain.com' 'nameserver'? input server's ip addresses? is there way of accomplishing free version of cloudflare? that impossible. option have custom name servers available on business , enterprise. see https://www.cloudflare.com/plans . also, might mistaken. must change name servers in domain register settings, not on cloudflare.
Read more

Python Error - TypeError: input expected at most 1 arguments, got 3 -

-
can explain why can not use your_name in goal variable? my_name = "bryson" my_age = 29 your_name = input ("what name? ") your_age = input ("what age? ") print ("my name is", my_name,", , am", my_age, "years old.") print ("your name is", your_name,", , are", your_age,".") print("thank buying book,", your_name,"!") goal = input ("what favorite part of book,", your_name, "?") print("awesome!") the error is: goal = input ("what favorite part of book,", your_name, "?") typeerror: input expected @ 1 arguments, got 3 you got error because in fact gave 3 arguments input function when expecting 1 (namely, string prompt). in input ("what favorite part of book,", your_name, "?") ---------------------------------------- , ---------, --- the underlined parts comma-separated arguments: st...
Read more