• Registered: 2011-07-21
  • Posts: 1

Topic: Minimal configuration for cryptography and PKI

Hi,

I want to build the library without any SSL/TLS protocol,
I neither need the CyaSSL Client, nor the CyaSSL Server,
The only parts of the embedded SSL library I want to make use of are cryptography and PKI.

The functionality I want to use is:
- load CA cert
- load and validate clients certs
- use RSA and SHA to encrypt/decrypt sign/verify data buffers

Is it possible to remove CyaSSL Server, CyaSSL Client, SSL/TLS protocols
and still have library that provides the functionality listed above?

I was searching the documentation and have found the following flags:
NO_TLS, NO_CYASSL_SERVER, NO_CYASSL_CLIENT
Can these flags be used together?

Assuming that the above combination of build flags is correct,

will this affect somehow the functionality of cryptographic functions?
   i.e. will I still be able to encrypt/decrypt sign/verify the buffers of data?

will this have any impact on public key infrastructure functionality?
   i.e. will I still be able to load and verify the x509 certificates stored in memory buffers?


Michal

Share

  • From: Bozeman, MT
  • Registered: 2010-10-20
  • Posts: 650

Re: Minimal configuration for cryptography and PKI

Hi Michal,

You are correct, these flags can be used together while still providing all of CTaoCrypt's crypto functionality.  You can test this by building CyaSSL with NO_TLS, NO_CYASSL_SERVER, and NO_CYASSL_CLIENT and then running the test application under the /ctaocrypt/test directory of the CyaSSL download.

You will still have the public key infrastructure as well.  Normally verification is done internally within CyaSSL, but can also be done by hand (as the /ctaocrypt/test example does).

Regards,
Chris

https://www.wolfssl.com

chrisc's Website

Share