jmhertlein/gist:5471873

## gistfile1.txt
Server has client's public key already, in a list of trusted public keys
keys are RSA key pairs

client connects
server sends its pubkey
client now using server's pubkey to encrypt all outgoing communications, incoming are still unencrypted
client sends username it wants to authenticate as
server loads trusted pubkey for username
encrypts n securely-randomly-generated bytes, sends over unencrypted connection to client
client uses private key to decrypt
sends now-unencrypted bytes over an encrypted stream to server
server compares client's response with original byte sequence
if same, user is who he says he is (has private key), authentication successful
else, user is not who he says he is (does not have private key), authentication fails
	Server has client's public key already, in a list of trusted public keys
	keys are RSA key pairs

	client connects
	server sends its pubkey
	client now using server's pubkey to encrypt all outgoing communications, incoming are still unencrypted
	client sends username it wants to authenticate as
	server loads trusted pubkey for username
	encrypts n securely-randomly-generated bytes, sends over unencrypted connection to client
	client uses private key to decrypt
	sends now-unencrypted bytes over an encrypted stream to server
	server compares client's response with original byte sequence
	if same, user is who he says he is (has private key), authentication successful
	else, user is not who he says he is (does not have private key), authentication fails