2

after getting an answer to Security over multi-streaming such as SCTP i have found that i do not have the capacity to give a public key or certificate to the other end securely (to be sure MitM cannot substitute one and that no-one can see it). i do have the capacity to send a 256-bit key securely. both ends are under the same admin but there is no opportunity to set up a key or cert on either end besides the mentioned limited capacity (because it is a cloud image launched when needed). "shared secret" seems to be the wrong terminology as all uses i see for this refer to sharing between different parties (the "sharing" is just between these two ends). this is also a symmetric connection once established ... such as a VPN (it will be used as a VPN and it will use SCTP). my question is: how can i be sure this is secure? security is hard.

i have used openssl before in this script and am looking to use its C-layer API for this project.

Improve this question

1 Answer 1

Reset to default
4

There is a variation of TLS that uses a Pre-Shared Key instead of certificates, called TLS-PSK. This basically works the same way as usual TLS except the session key is generated in a different way. You should take a look at this.

Improve this answer
3
  • ok ... i will start here: en.wikipedia.org/wiki/TLS-PSK Commented Jun 9, 2015 at 12:17
  • You may want to have a look at RFC 4279 too Commented Jun 9, 2015 at 12:19
  • that RFC is linked in the wiki article. i will look there next and then the openssl docs. Commented Jun 9, 2015 at 12:23

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.