The server's side of the exchange is rounded out by the server hello done
message. As shown in the next line of code, this contains no actual data; it's
just a TLS header indicating that the packet is four bytes whose contents are an
empty handshake message of type 0x0e.
0x0360: 1603 0100 040e 0000 00 .........
Dissecting the Key Exchange Message
If the client was able to parse the certificate and has decided to trust it, and the
certificate contains enough information to satisfy the key exchange method in
the selected cipher suite, it must now send a key exchange message. Because the
key exchange method in this case is RSA, this involves making up a random
premaster secret, encrypting it using the public key that the server sent in the
certificate message, and sending that on.
After the standard TLS header and handshake message header, an RSA key
exchange message starts with a two-byte length, followed by the data. Because
the key used here is 512 bits, the RSA-encrypted data is also 512 bits, or 64 bytes.
12:37:04.007143 IP localhost.localdomain.56047 > localhost.localdomain.https: P
51:126(75) ack 822 win 270 <nop,nop,timestamp 12673336 12673268>
0x0000: 4500 007f 0344 4000 4006 3933 7f00 0001 E....D@.@.93....
0x0010: 7f00 0001 daef 01bb 1e32 63e5 1e28 e546 .........2c..(.F
0x0020: 8018 010e fe73 0000 0101 080a 00c1 6138 .....s........a8
0x0030: 00c1 60f4 1603 0100 4610 0000 4200 407a ..`.....F...B.@z
0x0040: 8d74 369f 97e3 86e4 494f 5e71 1e0f 2059 .t6.....IO^q...Y
0x0050: 6583 04d2 d432 ce33 1067 251c 5a4b edef e....2.3.g%.ZK..
0x0060: d149 935b 9256 1a20 959a b9e4 0427 175e .I.[.V.......'.^
0x0070: 6d70 cd0d af00 e3c2 c977 ab11 5af5 f7 mp.......w..Z..
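The layout just described can be checked mechanically. The following C sketch is an added example, not code from the book: it parses the TLS bytes of the two dumps above and rejects any record whose nested length fields disagree. The names `hs_msg`, `parse_handshake_record` and `rsa_kx_ciphertext` are hypothetical, and it assumes one handshake message per record.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TLS bytes copied from the page's two dumps (IP and TCP headers stripped). */
static const uint8_t server_hello_done[] = {
    0x16,0x03,0x01,0x00,0x04, 0x0e,0x00,0x00,0x00 };
static const uint8_t client_key_exchange[] = {
    0x16,0x03,0x01,0x00,0x46, 0x10,0x00,0x00,0x42, 0x00,0x40,
    0x7a,0x8d,0x74,0x36,0x9f,0x97,0xe3,0x86,0xe4,0x49,0x4f,0x5e,0x71,0x1e,0x0f,0x20,
    0x59,0x65,0x83,0x04,0xd2,0xd4,0x32,0xce,0x33,0x10,0x67,0x25,0x1c,0x5a,0x4b,0xed,
    0xef,0xd1,0x49,0x93,0x5b,0x92,0x56,0x1a,0x20,0x95,0x9a,0xb9,0xe4,0x04,0x27,0x17,
    0x5e,0x6d,0x70,0xcd,0x0d,0xaf,0x00,0xe3,0xc2,0xc9,0x77,0xab,0x11,0x5a,0xf5,0xf7 };

struct hs_msg { uint8_t type; size_t body_len; const uint8_t *body; };

/* Parse one TLS record carrying exactly one handshake message (an assumption
   that holds for both dumps). Returns 0 on success, -1 if any length disagrees. */
int parse_handshake_record(const uint8_t *buf, size_t len, struct hs_msg *out) {
    if (len < 9 || buf[0] != 0x16) return -1;       /* 5-byte record + 4-byte handshake header */
    size_t rec_len = ((size_t)buf[3] << 8) | buf[4];
    if (rec_len != len - 5) return -1;              /* record length vs. bytes captured */
    out->type = buf[5];
    out->body_len = ((size_t)buf[6] << 16) | ((size_t)buf[7] << 8) | buf[8];
    if (out->body_len != rec_len - 4) return -1;    /* handshake length vs. record length */
    out->body = buf + 9;
    return 0;
}

/* RSA key exchange body: two-byte length, then the encrypted premaster secret.
   Returns the ciphertext length, or -1 unless it matches the modulus size. */
int rsa_kx_ciphertext(const struct hs_msg *m, size_t modulus_bytes, const uint8_t **ct) {
    if (m->type != 0x10 || m->body_len < 2) return -1;
    size_t n = ((size_t)m->body[0] << 8) | m->body[1];
    if (n != m->body_len - 2 || n != modulus_bytes) return -1;
    *ct = m->body + 2;
    return (int)n;
}

int main(void) {
    struct hs_msg m; const uint8_t *ct;
    if (parse_handshake_record(server_hello_done, sizeof server_hello_done, &m)) return 1;
    printf("type 0x%02x, body %u bytes\n", m.type, (unsigned)m.body_len);
    if (parse_handshake_record(client_key_exchange, sizeof client_key_exchange, &m)) return 1;
    printf("type 0x%02x, ciphertext %d bytes\n", m.type, rsa_kx_ciphertext(&m, 64, &ct));
    return 0;
}
```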
Because I have access to the private key that corresponds with the public key
used in this exchange, I can decrypt this message using the rsa code developed
in Chapter 3. If I didn't have this private key then I'd be out of luck trying to
interpret this or any subsequent message in this connection. Of course, the
private key appears nowhere in this exchange; the security of TLS hinges on
this fact. The private key exponent is
EAFF403432CBD12A7F7174C209F5364398E62F4A1B8F9B7C32B6CE190E716696D3E866E09
AF5367743EA5CC7903515D05D667E5480C562BCC0821F4A670B27F9
and the modulus is
EEB4761CAAE2E34F56CBC3AFE479E88589A9AB398250687ADE502D53EEFAD78C6E3CF8946
301095BD0BD7A60089737E2F1BB40A152E12DDCDBC95BD86661DA4F
so the RSA-encrypted message can be decoded as
[jdavies@localhost ssl]$ ./rsa -d \
0xEEB4761CAAE2E34F56CBC3AFE479E88589A9AB398250687ADE502D53EEFAD78\
C6E3CF8946301095BD0BD7A60089737E2F1BB40A152E12DDCDBC95BD86661DA4F \