httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ajay Garg <ajaygargn...@gmail.com>
Subject Re: [users@httpd] How does client decrypt data in a HTTPS-based WebDAV transfer
Date Mon, 26 Mar 2012 09:12:29 GMT
Thanks a ton Sander.

So on session setup-phase, the server sends the public-key to the client
(which would hardly be a bother, even if it is intercepted by a
eavesdropper). This public key is then used to encrypt the data on the
client, send over the wire, and decrypted by the server's private key.

That explains the client-to-server-transfer.

However, just one last confirmation regarding the
server-to-client-transfer. Is another set of public-private (session) keys
pair created? (This would then explain the server-to-client transfer
seamlessly, wherein the client would send the (session) public key to the
server; server would encrypt data using this (session) public key; send the
data over the wire; and the client would then decrypt data using the
(session) private key).

Thanks Sander. You have really been a darling in all the help ;-)

Thanks and Regards,
Ajay



On Mon, Mar 26, 2012 at 11:03 AM, Sander Temme <sctemme@apache.org> wrote:

> Ajay,
> On Mar 25, 2012, at 9:54 PM, Ajay Garg wrote:
>
> > Thanks Eric for the reply.
> >
> > Eric, but how is the shared secret comfigured?
> > I do not remember configuring anything like this for the HTTPS-based
> WebDAV server.
>
> As your DAV client and the server set up their SSL connection, they
> exchange information that is used by either side to derive a set of session
> encryption keys.  This starts with a piece of random data generated by the
> client, wrapped in the public key from the server's certificate, and sent
> to the server.  Since only the server has the corresponding private key, no
> eavesdropper can intercept this piece of data, and no one but the server
> and client have the proper input material to derive those session keys.
>
> Once the session keys are created, they are used by either side to sign,
> encrypt, decrypt and verify the SSL records sent across the connection.
>
> So the only thing that is pre-arranged is the key/certificate on the
> server, and the fact that the client trusts the server certificate (through
> the CA certificate in the client's key store or CA bundle).
>
> Hope this helps,
>
> S.
>
> > Thanks and Regards,
> > Ajay
> >
> > On Sun, Mar 25, 2012 at 11:39 PM, Eric Covener <covener@gmail.com>
> wrote:
> > > BUT, HOW IS THE CLIENT ABLE TO DECRYPT THE DATA? (I have been running
> both
> > > webdav server and client on the same machine; so it might very well
> > > be the case that some info from "ssl.conf" and/or "httpd.conf" is
> being used
> > > at the client side. However, I am just guessing ...
> >
> > Under SSL, the client and server negotiate a shared secret used to
> > encrypt/decrypt the data.
> >
> > They can set this up securely because the client starts this process
> > with info encrypted with the servers public key.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
>
>
> --
> sctemme@apache.org            http://www.temme.net/sander/
> PGP FP: FC5A 6FC6 2E25 2DFD 8007  EE23 9BB8 63B0 F51B B88A
>
> View my availability: http://tungle.me/sctemme
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message