Why SSL Client may need a private key?

Why SSL Client may need a private key?

jong jong
Hi, everyone,

I am new to the OpenSSL and I tried hard to understand
SSL protocol and APIs.
I have one question that bothers me.

When using openssl as a SSL Client, there is an option
to load a client private key file.
I don't understand why SSL client needs a private key?

I thought, according to SSL, the Server uses
asymmetric cryptographic (public key) to do the key
exchange in handshake
process; once handshake process is done, both server
and client uses symmetric cryptographic for
application data communications.

So why client may need a private key? What is that key
used for?

I really wish somebody can help me on this.

Thanks

Appreciate in advance!

John

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: Why SSL Client may need a private key?

Dr. Stephen Henson
On Fri, Jan 27, 2006, jong jong wrote:

> Hi, everyone,
>
> I am new to the OpenSSL and I tried hard to understand
> SSL protocol and APIs.
> I have one question that bothers me.
>
> When using openssl as a SSL Client, there is an option
> to load a client private key file.
> I don't understand why SSL client needs a private key?
>

This is for client authentication. When a server requests client
authentication and the client agrees to it, the client sends a certificate and
signs a challenge using the corresponding private key.

If client authentication does not occur the private key is not needed.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
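
The proof-of-possession step described in the reply above, as an added example that is not part of the original thread or of OpenSSL's own code. It assumes the openssl command-line tool is installed; the function names, file names and the "demo-client" certificate are constructed, and a random 32-byte file stands in for the handshake data that a real client signs.

```shell
#!/bin/sh
# Added example (constructed): why a TLS client needs its private key.
# The certificate is public; only a signature made with the matching
# private key proves that the sender actually owns that certificate.

# proves_possession CERT KEY CHALLENGE
# Signs CHALLENGE with KEY (client side), then verifies the signature with
# the public key taken from CERT (server side). Returns 0 if it verifies.
proves_possession() {
    pp_cert=$1 pp_key=$2 pp_chal=$3
    pp_dir=$(dirname "$pp_chal")
    # Client: sign the challenge with the private key.
    openssl dgst -sha256 -sign "$pp_key" -out "$pp_dir/sig.bin" "$pp_chal" || return 2
    # Server: extract the public key from the certificate the client sent.
    openssl x509 -in "$pp_cert" -pubkey -noout > "$pp_dir/pub.pem" || return 2
    # Server: check the signature against that public key.
    openssl dgst -sha256 -verify "$pp_dir/pub.pem" \
        -signature "$pp_dir/sig.bin" "$pp_chal" >/dev/null 2>&1
}

# Returns 0 when the real key holder is accepted and an impostor who only
# has a copy of the certificate (but a different key) is rejected.
client_auth_demo() {
    cad_tmp=$(mktemp -d) || return 2
    # Constructed client identity: key pair plus self-signed certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-client" \
        -keyout "$cad_tmp/client.key" -out "$cad_tmp/client.pem" 2>/dev/null || return 2
    # Impostor: same certificate, but some other private key.
    openssl genrsa -out "$cad_tmp/other.key" 2048 2>/dev/null || return 2
    # Stand-in for the data the server expects to see signed.
    openssl rand -out "$cad_tmp/challenge.bin" 32 || return 2

    cad_result=0
    proves_possession "$cad_tmp/client.pem" "$cad_tmp/client.key" \
        "$cad_tmp/challenge.bin" || cad_result=1
    if proves_possession "$cad_tmp/client.pem" "$cad_tmp/other.key" \
        "$cad_tmp/challenge.bin"; then
        cad_result=1
    fi
    rm -rf "$cad_tmp"
    return $cad_result
}

client_auth_demo && echo "key holder accepted, impostor rejected"
```

With the s_client tool the same key is supplied through its -cert and -key options, and it is only used if the server asks for a client certificate.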