Because the whole certificate must be signed by a certificate authority, this means
that the corresponding secret value a must be used over and over for multiple
handshakes; ideally, you'd want to select a new one for each connection.
Does this mean that Diffie-Hellman key exchange is never used in TLS? It
doesn't, but it does mean that it's usually used in a slightly more complex way,
which is examined in the next chapter. This section instead simply focuses on
the conceptually simpler RSA key exchange.
RSA Key Exchange and Private Key Location
RSA key exchange, then, consists of loading the private key corresponding to
the public key previously transmitted in the certificate message, decrypting the
client key exchange message, and extracting the premaster key. After this has
been done, the compute_master_secret and calculate_keys functions from
the previous chapter can be used to complete the key exchange (with one minor
difference, detailed later, to account for the fact that this is now the server and
the read and write keys must be swapped). You know how RSA decryption
works; the rsa_decrypt function was developed in Listing 3-20; the padding
used by TLS is the same PKCS #1 v1.5 padding implemented there.
However, where does the private key come from in the first place? It's obviously
not in the certificate. Recall from Chapter 5 that when you generated
your own test self-signed certificate, you actually output two files: cert.der and
key.der. key.der contained the private key. A DER-encoded file is a binary file
that you can't read without special software, but a PEM (Base64-encoded) key
file, which is actually the default in OpenSSL if you don't specifically ask for
DER, can be loaded in a standard text editor.
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,BD1FF235EA6104E1
rURbzE1gnHP0Pcq6SeXvMeP6b5pNmJSpJxCZtuBkC0iTNwRRwICcv0pVNTgkutlU
sCnstPyVh/JRU94KQKS0e471Jsq8FKFYqhpDuu1gq7eUGnajFnIh2UvNASVSit6i
6VpJAAs8y1wrt93FfiCMyKiYYGYAOEaE2paDJ4E8zjyVB253BoXDY4PUHpuZDQpL
Oxd2mplnTI+5wLomXwW4hjRpX61xfg7ed2RKw00jSx89dkqTgI3jv2VoYqzO88Rb
EnQp+2+iSEo+CYvhO26c7c12hGzW0P0fE5olOYnUv5WFPnjBmheWRkAj+K2eeS6w
qMTsv1OzKR02gxMWtlJQc2JmnUCfypjTcf9FSGHQKaPSDqbs/1/m+U9DzuzD6NUH
/EUWR6m1WxQiORzDUtHrTZ3tJmuGGUEhpqIjpFsL//0=
-----END RSA PRIVATE KEY-----
As the headers indicate, this file is encrypted by default; if you recall, you
were prompted for a password before this was generated.
OpenSSL does have an option to write an encrypted RSA private key file in
plaintext.
[jdavies@localhost ssl]$ openssl rsa -in key.pem -out key_decoded.pem
writing RSA key
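An added example, not code from the book: a C function that reads the header lines of a PEM RSA private key like the one listed above and reports whether the key body is encrypted, and if so with which cipher and IV, which is what separates key.pem from key_decoded.pem. The name pem_key_encrypted and both sample strings are assumptions made for this illustration; the sample key bodies are placeholders.

```c
#include <string.h>
/* Constructed samples: headers as in the listing above, placeholder body. */
static const char sample_encrypted[] =
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: DES-EDE3-CBC,BD1FF235EA6104E1\n\n"
    "AAAA\n"
    "-----END RSA PRIVATE KEY-----\n";
static const char sample_plain[] =
    "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n";

static int hexval(char c)
{
    const char *digits = "0123456789ABCDEF";
    const char *p = c ? strchr(digits, c) : NULL;
    return p ? (int)(p - digits) : -1;
}

/* Returns 1 if the key is encrypted (cipher name and IV are filled in),
 * 0 if it is plaintext, -1 if malformed. Assumes LF line endings. */
int pem_key_encrypted(const char *pem, char *cipher, size_t cipher_sz,
                      unsigned char *iv, size_t iv_sz, size_t *iv_len)
{
    static const char begin[] = "-----BEGIN RSA PRIVATE KEY-----\n";
    static const char proc[] = "Proc-Type: 4,ENCRYPTED\nDEK-Info: ";
    const char *dek, *comma, *eol;
    size_t n, i;
    if (strncmp(pem, begin, sizeof begin - 1) != 0) return -1;
    if (!strstr(pem, "-----END RSA PRIVATE KEY-----")) return -1;
    dek = pem + sizeof begin - 1;
    if (strncmp(dek, "Proc-Type:", 10) != 0) return 0;  /* no headers */
    if (strncmp(dek, proc, sizeof proc - 1) != 0) return -1;
    dek += sizeof proc - 1;
    eol = strchr(dek, '\n');
    comma = strchr(dek, ',');
    if (!eol || !comma || comma > eol) return -1;
    n = (size_t)(comma - dek);                  /* cipher name */
    if (n == 0 || n >= cipher_sz) return -1;
    memcpy(cipher, dek, n);
    cipher[n] = '\0';
    n = (size_t)(eol - comma - 1);              /* hex-encoded IV */
    if (n == 0 || n % 2 || n / 2 > iv_sz) return -1;
    for (i = 0; i < n; i += 2) {
        int hi = hexval(comma[1 + i]), lo = hexval(comma[2 + i]);
        if (hi < 0 || lo < 0) return -1;
        iv[i / 2] = (unsigned char)((hi << 4) | lo);
    }
    *iv_len = n / 2;
    return 1;
}
```

A server that loads its private key at startup can call this first to decide whether it needs a passphrase, and a deployment check can use the 0 result to flag key files left on disk in plaintext.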