
I am new to encryption and mutual authentication. I am supposed to have a server which issues certificates (maybe on a self-signed Linux machine) and clients which access this server to get a certificate and later these clients establish mutual authentication between themselves by verifying the certificate issued by the server without contacting the server (i.e in an offline mode).

Can anyone please point me to the right video tutorials or code and description links that can be useful to achieve the above stated scenario.

Thanks.

jww
lone_wolf
  • More info is really needed. Will there be thousands of clients? Will a client want to communicate with several other clients? Then will each client need the public key of every client it will communicate with? Like a messaging app? It really is better if you back off the specifics and present what you are trying to accomplish in more detail. – zaph Jun 20 '16 at 23:44
  • Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Information Security Stack Exchange](http://security.stackexchange.com/) would be a better place to ask. Also [Where do I post questions about Dev Ops?](http://meta.stackexchange.com/q/134306). – jww Jun 21 '16 at 06:45

1 Answer

Can anyone please point me to the right video tutorials or code and description links that can be useful to achieve the above stated scenario.

You have not provided enough information. Here are some things that may get you pointed in the right direction.

If the same Issuer issues certificates for the server and the clients (like an organization's internal CA), then it's traditional PKIX with client certificates.

If a client wants to use their own certificate not issued by anyone, then check out Origin Bound Certificates. These are 'tear off' certificates, and clients generate them on the fly as needed.

There's also a technique created by a fellow named Jake Thompson which cleverly uses the <keygen> tag to build a channel with mutual authentication to thwart MitM attacks that are facilitated by browsers.

Browsers claim interception and MitM is a valid use case in their security models. Incidentally, the usefulness of <keygen> to thwart MitM is one of the unspoken reasons the <keygen> tag is going away. It breaks the browser's interception model.

jww
  • After generating a CSR on two client machines, how can I get them a signed certificate from the self-signed CA based on the CSR generated? – lone_wolf Jun 21 '16 at 19:42
  • @sharath - [How do you sign Certificate Signing Request with your Certification Authority?](http://stackoverflow.com/q/21297139) – jww Jun 21 '16 at 21:44
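The "internal CA with client certificates" case from the answer, and the CSR-signing step the last comment asks about, as an added example (not code from the question, the answer, or any linked post): a self-signed CA created with openssl, two client certificates issued from CSRs, and an offline check of one client's certificate by the other that needs nothing but the CA certificate. The client names, the CA name and the scratch directory are assumptions.

```shell
#!/bin/sh
# Added example: minimal private CA, two issued client certificates, and
# offline verification against the CA certificate only.
set -eu

WORK="${WORK:-$(mktemp -d)}"   # assumed scratch directory
cd "$WORK"

# 1. Self-signed CA: the "server which issues certificates".
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=Example Internal CA" \
    -keyout ca.key -out ca.crt 2>/dev/null
}

# 2. Each client generates its own key and a CSR; only the CSR is sent
#    to the CA, the private key never leaves the client.
make_csr() {  # $1 = client name (assumed)
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

# 3. The CA signs the CSR and returns a certificate to the client.
sign_csr() {  # $1 = client name
  openssl x509 -req -in "$1.csr" -CA ca.crt -CAkey ca.key \
    -CAcreateserial -days 90 -out "$1.crt" 2>/dev/null
}

# 4. Offline verification: a client holding a copy of ca.crt can check a
#    peer's certificate without contacting the CA. Returns 0 if the
#    certificate chains to the trusted CA, non-zero otherwise.
verify_peer() {  # $1 = peer certificate file
  openssl verify -CAfile ca.crt "$1" >/dev/null 2>&1
}

make_ca
make_csr clientA
make_csr clientB
sign_csr clientA
sign_csr clientB

verify_peer clientA.crt && echo "clientA: trusted"
verify_peer clientB.crt && echo "clientB: trusted"

# A certificate not issued by the CA (constructed here) must be rejected.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=rogue" \
  -keyout rogue.key -out rogue.crt 2>/dev/null
verify_peer rogue.crt || echo "rogue: rejected"
```

Chain verification only shows that the CA issued the certificate; in a real connection each side must also prove possession of the matching private key, which is what a TLS handshake with client certificates does on top of this check.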