Mike, can you briefly explain what a PKI server is please? Thanks!


------------------
Lance
PowerBASIC Support
mailto:[email protected][email protected]</A>

Thanks Lance. It has taken me some time to think about how to answer
such a simple question! As best I can, here it is...

PKI, as I know it, means Public Key Infrastructure.

A Public Key Infrastructure Service Provider is a source for providing the
transfer of information via telecommunications on a secured basis which
depends on encrypting the data and decrypting it with Public Keys.

A PKI Server is a PKI information source which, no matter how it communicates
with the outside world, has its own authentication key service built in and
can encrypt and decrypt communicated data with the outside world to its own
specifications, even server to server. It is, essentially a means of working
with Self-Authentication on internal closed networks with internal rules.

Self-authentication, typically, is currently directed, as best I can tell,
toward WEB hosted such things as in the APACHE SSL or SSLEAF arena which
is a public domain encrytion system. It allows one to set up one's own
authentication server. You can generate your owns keys with open source freeware
in a UNIX (##IX) based environment. It is also, of note, available as
compiled for OS/2 as well.

However, what I want is *NOT* a WEB based creature, but a discrete "server"
which may have nothing to do with the WEB at all. However it communicates, be
it TCP/IP over a private network, TELNET or whatever, isn't the issue here. I
want to combine SSL technology into plain PB for DOS source to start with.
The functions of generating the keys, distributing them and using them to
encrypt and decrypt file data moving between machines, no matter how it moves,
is what is of interest to me.

I have PB source coded independent boxen which are headed toward embedded
system work. Each box is it's own server, of sorts. Each box may, but does
not have to communicate with any other box to do it's work. In a serious
pre-emptive multi-tasking operating system world, I can even have servers
inside a given single box serving clients all within the same embedded systems
world box even with PB 3.5 for DOS and it works WONDERFULLY well! They don't
need PKI techniques.

But when this embedded box talks to another one like it or another system
elsewhere, I need for every one of them to have authentication service. As
far as most thinking for me, traditional Client-Server is dead. It's all
Server Service to me. There are still even BBS-like techniques which can
be used with simple embedded systems operations. But conforming them to
the new thinking of PKI communications techniques between themselves no
matter what form the network takes, is the subject of how to enable a
PKI Server in PB for DOS. At least at the lowest level, if it can
be done!

Does this make sense now?


------------------
Mike Luther
[email protected]

[This message has been edited by Mike Luther (edited June 13, 2002).]

Understood, thanks. I can't help with any example code though, sorry!

------------------
Lance
PowerBASIC Support
mailto:[email protected][email protected]</A>

I currently use the keyserver search.keyserver.net for my gnupg stuff. Gnupg can automatically verify any signature coming through the e-mail that is stored on that public key server. So there are plenty of examples out there of public key infrastructure server-type things. I'd start looking by checking out gnupg ( http://www.gnupg.org ). Of course it will all be c-based code, but it will give you an idea of the architecture needed. (I presume your talking about pgp-style stuff, since it has been the defacto standard in the past and netscape's signatures stuff is quite complicated.)

If you're going to do tcp stuff, pb/dos is not the best tool. Pb/cc perhaps?

Michael


------------------




[This message has been edited by Michael Torrie (edited June 14, 2002).]