Client                                                        Server

ClientHello: acceptable cipher suites, nonce_C
  ---------------------------------------------------------->
                                                              select TLS_RSA_cipher_hash
ServerHello: TLS_RSA_cipher_hash, certificate, nonce_S
  <----------------------------------------------------------
pick pre_master_secret
ClientKeyExchange: RSA_ENC(pre_master_secret)
  ---------------------------------------------------------->
                                                              decrypt

Figure 12.10. TLS key exchange using RSA.
The initial vector (IV) used in CBC mode is a secret pseudorandom value. The IV for the next record is simply the last ciphertext block of the previous record, so that, as in the stream cipher mode, the sequence of all (compressed and MACed) fragments can be viewed as a single plaintext encrypted in CBC mode. The very first IV of a connection is generated together with the secret keys from the nonces and the master secret. (For export cipher suites, the master secret is not used, so the IV is not secret at all.)
12.3.6 Master Key Exchange
The key exchange protocol specified in the current cipher suite is used to set up a pre-master secret. As we have seen in the cipher suites, there are six possible protocols.

RSA: The client chooses the secret and encrypts it using the RSA public key of the server (see Fig. 12.10). This public key must be authenticated by a certificate. Encryption follows the PKCS#1 v1.5 standard.
DH_DSS and DH_RSA: These are "fixed Diffie-Hellman" algorithms in which long-term Diffie-Hellman parameters are used. The Diffie-Hellman parameters p and g are put in the certificate of the server, as well as the Diffie-Hellman public key g^x mod p of the server. The certificate is signed using either DSS or RSA to authenticate the keys. So the client can just take the authenticated Diffie-Hellman parameters from the certificate, pick his Diffie-Hellman public value g^y mod p, and send it to the server in the ClientKeyExchange message (see Fig. 12.11).

DHE_DSS and DHE_RSA: These are "ephemeral Diffie-Hellman" algorithms in which the Diffie-Hellman parameters are randomly selected by the client and the server. The server certificate contains either a DSS or an RSA public key. The server can select his chosen Diffie-Hellman parameters and public value (p, g, g^x mod p), hash them with the selected hash function, sign them with
Client                                                        Server

ClientHello: acceptable cipher suites, nonce_C
  ---------------------------------------------------------->
                                                              select TLS_DH_sig_cipher_hash
ServerHello: TLS_DH_sig_cipher_hash, certificate, nonce_S
  <----------------------------------------------------------
pick y
ClientKeyExchange: g^y mod p
  ---------------------------------------------------------->
                    pre_master_secret = g^xy mod p

Figure 12.11. TLS key exchange using DH_DSS or DH_RSA.
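As an added illustration of the fixed Diffie-Hellman exchange of Figure 12.11 (and of the Diffie-Hellman values the DHE variants sign), not code from the book: both sides of the handshake are simulated, the server's (p, g, g^x mod p) travel in a certificate dictionary standing in for the real certificate (signature verification is assumed to happen elsewhere), and each side validates the peer's public value before exponentiating. The group is the 1024-bit Oakley group 2 modulus, used only because it is short enough to embed; the message dictionaries and the names Server, Client, handshake and is_valid_public_value are this example's own.

```python
import secrets

# Group for the example: the 1024-bit Oakley group 2 modulus (RFC 2409), a safe
# prime p = 2q + 1 with generator 2; embedded only because it is short enough.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
Q = (P - 1) // 2  # prime order of the subgroup generated by G

def is_valid_public_value(y):
    """Range and subgroup check each side applies before exponentiating."""
    return 1 < y < P - 1 and pow(y, Q, P) == 1

class Server:
    """Fixed-DH server: (p, g, g^x mod p) are carried in its certificate."""
    def __init__(self):
        self.x = secrets.randbelow(Q - 1) + 1       # long-term secret exponent
        self.certificate = {"p": P, "g": G, "Y": pow(G, self.x, P)}
    def server_hello(self):
        self.nonce_s = secrets.token_bytes(32)
        return {"cipher": "TLS_DH_RSA", "certificate": self.certificate,
                "nonce": self.nonce_s}
    def client_key_exchange(self, client_public):
        if not is_valid_public_value(client_public):
            raise ValueError("bad client Diffie-Hellman public value")
        return pow(client_public, self.x, P)        # pre_master_secret = g^xy mod p

class Client:
    def client_hello(self):
        self.nonce_c = secrets.token_bytes(32)
        return {"cipher_suites": ["TLS_DH_RSA", "TLS_RSA"], "nonce": self.nonce_c}
    def client_key_exchange(self, server_hello):
        # A real client first verifies the certificate's DSS or RSA signature.
        cert = server_hello["certificate"]
        if not is_valid_public_value(cert["Y"]):
            raise ValueError("bad server Diffie-Hellman public value")
        y = secrets.randbelow(Q - 1) + 1            # client's secret exponent
        self.pre_master_secret = pow(cert["Y"], y, cert["p"])
        return pow(cert["g"], y, cert["p"])         # g^y mod p

def handshake():
    """Run the Figure 12.11 exchange; return both sides' pre_master_secret."""
    client, server = Client(), Server()
    client.client_hello()
    client_public = client.client_key_exchange(server.server_hello())
    return client.pre_master_secret, server.client_key_exchange(client_public)
```

The subgroup check in is_valid_public_value is what stops a peer from sending 0, 1 or p-1 and forcing the shared secret into a tiny set; the nonces are carried because the master secret and first IV are later derived from them together with the pre-master secret.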