[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: How to make SFL to make DH dynamic key encryption?



Zvi:

Sorry to confuse you with the CTIL interface; it was built and designed
before the dynamic DH concept was flushed out.  It does indeed require a
certificate in the CTIL instance (sm_free3 in this case for DH).  We use the
certificate to align the algorithms available for that instance, even though
the local private key is not used for ESDH.  You can use one of the provided
DH certificates (e.g. ./test/certs/DHFreeUser1.out) as a dummy.  It is
possible to create the instance with a missing private key; it should be
fine (I have never attempted this); simply create the instance with "NULL"
for the private key and password parameters.

Bob Colestock
VDA.

-----Original Message-----
From: Zvi Agmon [mailto:zvia@xxxxxxxxxx]
Sent: Wednesday, May 31, 2000 3:19 AM
To: 'imc-sfl@xxxxxxx'
Subject: How to make SFL to make DH dynamic key encryption?


Hello,

I started to work with the SFL not long ago and I'm trying to make key
encryption using the DH dynamic method. As I understood I need to have
CSM_CSInst that is loaded with the DH crypto details. Now, is it right that
in order to make it DH dynamic this CSM_CSInst should not be related to any
certificate?
And if so, how can I load it? - all the examples I found in the tests are
loading from certificates.

Is any one can clarify it for me?
   
   Thanks a lot

       Zvi Agmon
       Vanguard Security Technologies
       Tel. 972-4-9891311(Ext. 109), Fax. 972-4-9891322
       email: zvi@xxxxxxxxxx