Hi all, I'm doing some work with TLS over TCP, and I'm going to be using OpenSSL. I have a few questions about how this works:

I'm familiar with the concept of asymmetric key cryptography and how OpenPGP works - each person has a public and private key, you encrypt data using the target's public key, then the target can decrypt it only with his private key. As far as I know, OpenSSL is also based on asymmetric key cryptography, and generally uses RSA. I understand that one can also use it in a similar way with public and private keys.

Q1: I don't understand what "certificates" are and how they come into play here. What are certificates and certificate files? How does the certificate compare to a public/private key?

Q2: Executing `openssl genrsa -out mykey.pem 4096` generates an RSA private key. Then executing `openssl rsa -in mykey.pem -pubout >mykey.pub` "extracts" the public key from it. What is it actually doing when it's "extracting"?

Q3: Generally, when setting up a network server of any kind that makes use of TLS or OpenSSL, one must have the certificate and "key" already prepared. However, when a client connects, how does it encrypt the data to send to the server? Does it generate keys on the fly prior to connecting? I don't understand how this process works.

-- 
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at http://mailman.mit.edu/mailman/listinfo/piclist
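Added example for Q2 (written for this thread, not code from the original post or from OpenSSL): a minimal PKCS#1 DER encoder/decoder showing that the private key file produced by `openssl genrsa` already stores n and e next to d, p, q and the CRT values, so "extracting" the public key is just re-encoding n and e. The primes and exponent are toy-sized constructed values; real `openssl rsa -pubout` output additionally wraps the RSAPublicKey in a SubjectPublicKeyInfo header naming the algorithm, which is omitted here.

```python
# Minimal DER helpers (PKCS#1 layout only; toy key sizes, constructed for illustration).

def der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def der_int(v):
    b = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
    if b[0] & 0x80:               # DER INTEGER is signed: pad to keep it positive
        b = b"\x00" + b
    return b"\x02" + der_len(len(b)) + b

def der_seq(*items):
    body = b"".join(items)
    return b"\x30" + der_len(len(body)) + body

def rsa_private_key_der(p, q, e):
    """PKCS#1 RSAPrivateKey: version, n, e, d, p, q, dP, dQ, qInv (what genrsa writes)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return der_seq(der_int(0), der_int(n), der_int(e), der_int(d), der_int(p),
                   der_int(q), der_int(d % (p - 1)), der_int(d % (q - 1)),
                   der_int(pow(q, -1, p)))

def read_tlv(buf, pos):
    """Read one tag/length/value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        nbytes = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + nbytes], "big"), pos + nbytes
    return tag, buf[pos:pos + length], pos + length

def parse_ints(der):
    """Return the INTEGER values inside a top-level SEQUENCE (private or public key)."""
    tag, body, _ = read_tlv(der, 0)
    assert tag == 0x30
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        assert tag == 0x02
        out.append(int.from_bytes(val, "big"))
    return out

def extract_public_key(private_der):
    """The essence of `openssl rsa -pubout`: copy n and e, drop everything secret."""
    _version, n, e = parse_ints(private_der)[:3]
    return der_seq(der_int(n), der_int(e))   # PKCS#1 RSAPublicKey
```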