I've just recently learned a bit about how encrypted messages are sent across the Internet, and it seems that it relies a lot on "trusted third parties" My problem is that I don't trust anyone, is there some way to form an encrypted connection between two computers without prior secrets or the need to trust anyone?
Asked
Active
Viewed 152 times
1 Answers
0
Yes, by creating a "Certificate Authority" (CA) and installing its certificates on the machines.
The third parties you're talking about issue certificates, and sign those certificates using a CA certificate that is included in popular operating systems and/or web browsers. You can create your own CA certificate and install it onto the machines in question alongside those third party certificates. Then you can issue your own SSL certificates which will be recognised by those machines without any third party involvement.
Note that the CA certificates aren't "prior secrets" - there's nothing secret about the certificate itself. It has a private key, which you use to sign your SSL certificates, but that key doesn't need to be on the machines in question (and shouldn't be).
There are plenty of sites that will walk you through the process - a quick Google turned up this one for example: Creating Your Own SSL Certificate Authority.
RichieHindle
- 272,464
- 47
- 358
- 399
-
Note though that those certificates still need to be communicated securely. http://blogs.msdn.com/b/ericlippert/archive/2011/09/27/keep-it-secret-keep-it-safe.aspx – Billy ONeal May 21 '13 at 18:00
-
Your Certificate Authority is still a trusted third party. And as Billy mentioned, the certificates still need to be communicated securely so you still have the same problem of securely transmitting information without prior secrets. Turtles all the way down... – Sysyphus May 26 '13 at 05:52