Forum Discussion
SSL certificate
Are the statements below correct?
The client generates a pre-master key using the random numbers shared between server and client. The client encrypts it with the server's public key and sends it to the server. Hence the server has the private key to decrypt the pre-master key. Now both client and server use this key to generate the master key.
6 Replies
- Kevin_Stewart
Employee
Yes, but only in the RSA key exchange.
The client and server will initially share two other random numbers, one from the client and one from the server, and both in the clear. In the Client Key Exchange message, the client derives a third random number, encrypts that with the server's public key, which it had just received in a previous message from the server, and sends that over. Using its private key the server decrypts this message and exposes the third value. Both parties then independently calculate the same master secret used to create symmetric encryption keys.
This is not, however, how it works for the Diffie-Hellman key agreement.
- KT_271103
Nimbostratus
In the DH algorithm, as per my understanding:
Both client and server exchange their public keys initially, and then both generate the session key on their own side individually, without any exchange step.
Client side ---> Client private key + Server public key
Server side ---> Server private key + Client public key
- KT_271103
Nimbostratus
See the statements below. I hope only the pre-master key is exchanged, from client to server. As per the statement below, will the master key be exchanged or not?
Typically a master key is generated and exchanged using some secure method. This method is usually cumbersome or expensive (breaking a master key into multiple parts and sending each with a trusted courier for example) and not suitable for use on a larger scale. Once the master key has been securely exchanged, it can then be used to securely exchange subsequent keys with ease. This technique is usually termed Key Wrap. A common technique uses Block ciphers and cryptographic hash functions.[2]
I don't see how this statement differs from what Kevin posted. Could you explain better what worries you and the background for that?
- KT_271103
Nimbostratus
As per Kevin: the client derives a third random number, encrypts that with the server's public key, which it had just received in a previous message from the server, and sends that over.
Hence, as per the above response, the third random number is the pre-master key, and this is sent from client to server; then both parties independently calculate the same master secret used to create symmetric encryption keys.
What about the master key? Will it be exchanged or not?
- Kevin_Stewart
Employee
The master "key" is the master secret. The purpose of the master secret is to provide a PRF-based "seed" to create additional symmetric keys. Different functions need keys of different types and sizes. For example, from the master secret you'll derive the client's and server's symmetric encryption keys, and separate keys for HMAC.
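The following is an added worked example, not code from the thread or from F5. It models the RSA key exchange path that Kevin describes for TLS 1.2 (RFC 5246): the two cleartext randoms, a 48-byte pre-master secret that only the client sends (encrypted under the server's public key, which is not modelled here), and the PRF that both sides run independently to turn the pre-master secret into the master secret and then into the key block of MAC keys, encryption keys and IVs. The randoms and the pre-master secret are constructed fixed values so the run is repeatable; nothing in the derivation itself is transmitted, which is the answer to the question above about whether the master key is exchanged.

```python
import hashlib
import hmac

# TLS 1.2 PRF building blocks (RFC 5246 section 5), SHA-256 based.
def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash: HMAC chain A(i) = HMAC(secret, A(i-1)), output HMAC(secret, A(i) + seed)."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)

def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """48-byte master secret; seed order is ClientHello.random + ServerHello.random."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)

def key_block(master: bytes, client_random: bytes, server_random: bytes,
              mac_len: int, key_len: int, iv_len: int) -> dict:
    """Key expansion; note the seed order flips to server_random + client_random."""
    total = 2 * (mac_len + key_len + iv_len)
    block = prf(master, b"key expansion", server_random + client_random, total)
    names = ["client_write_mac_key", "server_write_mac_key",
             "client_write_key", "server_write_key",
             "client_write_iv", "server_write_iv"]
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    keys, pos = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = block[pos:pos + size]
        pos += size
    return keys

# Constructed sample values (not real handshake data). In a real RSA key exchange the
# client draws 46 random bytes and prefixes the 2-byte client version (0x0303 for TLS 1.2).
CLIENT_RANDOM = bytes(range(0, 32))
SERVER_RANDOM = bytes(range(100, 132))
PRE_MASTER = b"\x03\x03" + bytes(range(200, 246))

def simulate_handshake(pre_master=PRE_MASTER, client_random=CLIENT_RANDOM,
                       server_random=SERVER_RANDOM) -> dict:
    """Each side derives the master secret and keys from what it holds; nothing is sent."""
    # Client side: it generated pre_master and saw both randoms in the clear.
    client_ms = master_secret(pre_master, client_random, server_random)
    # Server side: it decrypted pre_master with its private key and saw the same randoms.
    server_ms = master_secret(pre_master, client_random, server_random)
    # Parameters for a cipher such as AES_128_CBC_SHA256: 32-byte MAC key, 16-byte key, 16-byte IV.
    client_keys = key_block(client_ms, client_random, server_random, 32, 16, 16)
    server_keys = key_block(server_ms, client_random, server_random, 32, 16, 16)
    return {
        "client_master_secret": client_ms,
        "server_master_secret": server_ms,
        "client_keys": client_keys,
        "server_keys": server_keys,
    }

if __name__ == "__main__":
    result = simulate_handshake()
    print("master secrets match:", result["client_master_secret"] == result["server_master_secret"])
    for name, value in result["client_keys"].items():
        print(f"{name}: {value.hex()}")
```

Because the key block is sliced into six distinct ranges, the client and server MAC keys, encryption keys and IVs all differ from one another even though they come from one master secret; changing either random value changes every derived key, which is why the randoms protect against replaying a captured handshake.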