OpenSSL, Public Keys and Private Keys

I've recently been experimenting with the OpenSSL API in C, and I'm confused about a few of the setup functions, as well as certain concepts in Public Key cryptography overall.

I understand, in general, how Public Key cryptography works. You have a Public Key which is available to everyone, and then both server and client have a Private Key which is secret, and which is necessary to decrypt the messages.

However, I'm a bit confused as to when you actually need a Public key. Would a web browser, for example, need a Public Key? I would think not, since it seems that in most use cases, only a server (not a client) would need a Public Key. If both server and client have a public key, which one is used?

Adding to my confusion, i开发者_JAVA技巧s the fact that the OpenSSL API defines a function SSL_CTX_use_PrivateKey_file(), but there is no corresponding SSL_CTX_use_PublicKey_file(). In my experiments, I wrote a simple web client that connects to an https website and downloads a file. It works fine, and no Public Key was needed. I simply created a Private Key using the OpenSSL command line tools, and then called SSL_CTX_use_PrivateKey_file() in my program.

But, if I were writing a server, as opposed to a client, wouldn't I need a Public Key? And if so, why do I not see anything like use_PublicKey_file in the OpenSSL API?

In a TLS/SSL connection, a public key is supplied as part of a certificate that is used to authenticate one party - the certificate ties an identity to a particular public key. The server side always supplies a certificate (public key), because the server side must always prove its identity to the client.

It is also possible for the client to supply a certificate, if it wants to prove its identity (and it has a suitable certificate) - in your web browser example, it's usually the case that a client certificate isn't supplied, but it is possible. Some web sites do use client certificates for authentication.

If a public key is used, the corresponding private key must be used too - the keys come as a pair. The corresponding function to supply the public key is SSL_CTX_use_certificate() - the public key is part of the certificate. Supplying one without the other is pointless - in your client example, you could have omitted the call to SSL_CTX_use_PrivateKey_file() entirely.

In general, private keys are for decryption, public keys are for encryption and verification.

I'm not that familiar with the OpenSSL C interfaces, but my guess is that you're not actually doing anything with the key you loaded from the file. The download routine you're using is pulling down the web server's cert, verifying it's signature against a known chain of signing authorities, and then negotiating tls (shared cipher) encryption stream.

In other words, for HTTPS, the public key encryption is only used for your computer to verify the authenticity of the server prior to stream cipher negotiation. Once that's complete, both parties will have a shared key and the everything is encrypted using regular crypto.

The TLS RFC has all the gory details.

Keys come in pairs -- for every public key, there's a corresponding private key and for every private key there's a corresponding public key. So it makes no sense at all to talk about THE private key or THE public key -- instead you need to specify WHICH key you are talking about.

In a 'normal' (non-client-authenticated) SSL connection, there is one key-pair, the server's key pair. The server knows its own private key and the client needs to know the server's public key, which usually comes in the form of a certificate which is signed by some certificate authority's private key. So when the client first connects to the server, the first thing the server does is send its public key certificate (so the client has it). The client authenticates the certificate using the CA's public key (which needs to be built in or pre-loaded.) Then the client makes a 'secret' (a random number) and encrypts it with the server's public key and sends it to the server which can decrypt it with its private key. That secret is then used to seed a key for a symmetric cipher that is used for further communication.

In an authenticated SSL connection, both the client and server have private keys and provide their certificates (with the corresponding public keys) across the connection before establishing the secure connection.

Public keys are usually not required for the client. The client will generate a random public key during the handshake so that the server can encrypt messages that only the client can decrypt, but the lifetime of this public key is the same as the connection's lifetime.

As a client, in order to get a public key of a server, you will use a certificate SSL_CTX_use_certificate_file. The certificate contains the public key and is usually validated by a trusted certificate issuer. This guarantees for the client the authencity of the server, as long as you trust the certificate issuer. Web browsers are delivered with a set of trusted certificate issuers so they can validate certificates that they will download.