Cryptography Reference
3. If the server is not using anonymous Diffie-Hellman, it may send a request
for the client's certificate. Contained in the client certificate request is a
certificate type that dictates the PKC to be employed. For instance, if
either RSA or DSS is used with authenticated Diffie-Hellman, then
authentication (only) is accomplished via an RSA or DSS signature on the
certificate.
4. The server sends a server-hello-done message.
III Key Exchange and Client Authentication:
1. After receiving the server-hello-done message, the client verifies the server's
certificate if sent, and other server-hello parameters. If all is valid, the
client responds.
2. If requested, the client sends a certificate. If authenticated Diffie-Hellman
is being used, then the client's public-key parameters are included.
3. The client-key-exchange message must now be sent. The key-exchange mode
dictates the content as follows:
(i) If RSA is used, then the client generates a 48-byte premaster secret,
which is encrypted with the server's public key (sent with certificate
in Stage I).
(ii) If anonymous Diffie-Hellman is employed, then the client's public
Diffie-Hellman parameters are sent.
(iii) If authenticated Diffie-Hellman is used, then the parameters were
already sent in step 1 of stage II, so this is a null action.
(iv) If Fortezza is used, then the client's Fortezza parameters are sent.
4. If a certificate has been requested, the client signs a piece of data that is
unique to the handshake and known by both client and server, along with
the encrypted premaster secret.
IV Finish Protocol:
To simplify the final stage, we assume that RSA is being used.
1. If the server verifies the client's identity, then the server uses its private key
to decipher the premaster secret. Then the server performs a sequence of
steps to create the master secret from the premaster secret, a one-time
48-byte value generated for this session. These same steps are followed by the
client to recover the master secret.
2. Both the client and the server use the master secret to generate session
keys, which are symmetric keys used to encipher and decipher information
exchanged over the course of this SSL session, and to verify its integrity,
meaning the detection of changes that might have occurred in the time
period from transmission to reception.
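The "sequence of steps" in stage IV, shown as an added example that is not part of the original text: the SSL 3.0 derivation (per RFC 6101) of the master secret from the premaster secret, and of the session keys from the master secret. The function names, the hello random values and the 3DES/SHA-1 key sizes are assumptions chosen for illustration.

```python
import hashlib
import os


def new_premaster(version=(3, 0)) -> bytes:
    # RSA mode: 2-byte client protocol version + 46 random bytes = 48 bytes.
    return bytes(version) + os.urandom(46)


def ssl3_expand(secret: bytes, seed: bytes, length: int) -> bytes:
    # SSL 3.0 expansion: concatenate MD5(secret + SHA1(label + secret + seed))
    # for labels 'A', 'BB', 'CCC', ... until `length` bytes are available.
    out = b""
    i = 0
    while len(out) < length:
        label = bytes([ord("A") + i]) * (i + 1)
        inner = hashlib.sha1(label + secret + seed).digest()
        out += hashlib.md5(secret + inner).digest()
        i += 1
    return out[:length]


def master_secret(premaster: bytes, client_random: bytes,
                  server_random: bytes) -> bytes:
    # Both sides run this on the same inputs and obtain the same 48 bytes.
    return ssl3_expand(premaster, client_random + server_random, 48)


def session_keys(master: bytes, client_random: bytes, server_random: bytes,
                 mac_len=20, key_len=24, iv_len=8) -> dict:
    # The key block uses the randoms in the opposite order (server first).
    # Default sizes assume 3DES-CBC with SHA-1 MACs (illustrative choice).
    need = 2 * (mac_len + key_len + iv_len)
    block = ssl3_expand(master, server_random + client_random, need)
    layout = [("client_write_mac", mac_len), ("server_write_mac", mac_len),
              ("client_write_key", key_len), ("server_write_key", key_len),
              ("client_write_iv", iv_len), ("server_write_iv", iv_len)]
    keys, pos = {}, 0
    for name, size in layout:
        keys[name] = block[pos:pos + size]
        pos += size
    return keys


if __name__ == "__main__":
    cr, sr = os.urandom(32), os.urandom(32)   # constructed hello randoms
    ms = master_secret(new_premaster(), cr, sr)
    for name, value in session_keys(ms, cr, sr).items():
        print(f"{name:18s} {value.hex()}")
```

Each direction gets its own MAC secret, cipher key and IV, so a record protected by the client cannot be replayed back as if it came from the server.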