How To NOT Use Certificates

kackle123
Posts: 73
Joined: Tue Nov 23, 2010 1:35 pm

How To NOT Use Certificates

Post by kackle123 »

How do I tell the NetBurner code (like an SSL web server example) to NOT use certificates, but only encrypt instead? Thank you in advance.
dciliske
Posts: 623
Joined: Mon Feb 06, 2012 9:37 am
Location: San Diego, CA

Re: How To NOT Use Certificates

Post by dciliske »

I'm impressed! You've asked how to do something that, while sounding "just plain wrong" on the surface, is actually perfectly reasonable and valid by the standard! Unfortunately, I have no idea of any *other* implementation that will allow you to do so.

Suffice to say, the major component of TLS (SSL's replacement) is the secure negotiation. Historically, the certificate was also the source of the Public Key of the Server, which the Client used to encrypt their secret (i.e. RSA); in this situation, you *can't* negotiate without the certificate. However, modern cipher suites that utilize *Ephemeral* Diffie-Hellman transmit the public keying material separate from the certificate. This means it is possible to negotiate (but not authenticate!) without a certificate. In theory.

Additionally, if you wanted to simply utilize the infrastructure provided by TLS for management, you *could* build what are effectively pre-shared secrets utilizing Session Tickets for a given server's private key. That, however, becomes an issue with managing the pre-negotiated tickets and somehow getting your client application to use them.

In closing, can it be done? ... yes, with one really big asterisk. Is it something supported? Unfortunately, no.
Dan Ciliske
Project Engineer
Netburner, Inc
mlara
Posts: 8
Joined: Tue Mar 29, 2016 10:40 am

Re: How To NOT Use Certificates

Post by mlara »

Alternatively, if you're just trying to avoid having to get a certificate from a Certificate Authority, you can create a self-signed certificate as described in the following article: https://www.netburner.com/learn/creatin ... iy-section. You will be sacrificing third-party server authentication this way, but your traffic will be encrypted and its integrity will be checked.
Mike Lara
Project Engineer
Netburner, Inc
kackle123
Posts: 73
Joined: Tue Nov 23, 2010 1:35 pm

Re: How To NOT Use Certificates

Post by kackle123 »

Thank you for your responses to my question from last year. :P I had some success making such an embedded server for use with certain browsers, but I'd have to look through my notes to remember how I did it. I will have to revisit all of this, especially the self-signed certificate (URL link) idea. Thanks again.