Discussion of RSA implementation
From WinBolo
(Difference between revisions)
(initial creation) |
m (→Discussion of RSA Implementation) |
||
Line 1: | Line 1: | ||
- | |||
- | |||
== Example Process == | == Example Process == | ||
# Client connects to server, gets put in "verify" stage | # Client connects to server, gets put in "verify" stage |
Revision as of 04:16, 16 December 2008
Example Process
- Client connects to server, gets put in "verify" stage
- Server sends client a random string of characters
- Client encodes it with it's private key and the server's public key
- Client sends encoded message along with it's public key to server
- Server checks to see if the public key sent by the client is on approved list.
public key is on approved list: server continues with process.
public key is not on approved list: server returns a message saying connection declined, please contact proper authorities to get your client binary approved. - Server decodes the encoded message using the public key supplied by the client.
- Server checks to see if the decoded message equals the original message
Messages are the same: client is allowed to connect to server.
Messages are not the same: server sends message back to client stating something about erroneous keys.
Automatic Generation of Keys
So let's say playerA compiles their own client on Monday and gets it added to the white-list of a server. Then on Tuesday, playerA decides to adjust the source and put a new executable out there to download using the same white-listed public key. What is to stop other players from using this new executable, short of removing that player's public key from the white-list?