On Friday, July 19, 2019 at 8:13:56 AM UTC-4, George K wrote:
> Is there a way to produce a shared secret key to be used for symmetric
> encryption (e.g. AES) by using RSA key pairs? I know that the standard way
> of doing something like that is to use the recipient's RSA public key to
> encrypt the randomly generated symmetric key and then send it to the other
> side alongside the symmetrically encrypted message.
> I wonder if it is possible to skip the first message and compute a shared
> secret by using each other's public keys, similar to how DH works.

As far as I know there is no standard way to use RSA to produce a shared secret like DH.

To give you an idea of how TLS does it... in TLS, RSA is Key Transport (versus Key Agreement). In TLS, I believe the key transported by RSA is the premaster secret.

In TLS, when using RSA Key Transport, each party contributes to the shared secret through client.random and server.random. So, in TLS, the master key = premaster secret + client.random + server.random. Then, the four or six encryption and authentication keys are derived from the master secret.

In TLS when using DH, master key = premaster secret + client.random + server.random still holds. However, the premaster secret is derived from the DH Key Agreement rather than the RSA Key Transport.

TLS lacks Key Confirmation in the protocol. I understand it complicates the proofs. If you are building a scheme you should include Key Confirmation.

After the four or six keys are derived, the messages flow. Messages do not begin until the derived keys are created.

Jeff
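
The derivation and key confirmation described in the reply above, as an added example that is not part of the original message or of Crypto++. It uses the TLS 1.2 PRF (RFC 5246) for the two derivation steps; the extra `confirm` key and the tag format are assumptions for illustration, and the RSA transport of the premaster secret is left out.

```python
import hashlib
import hmac
import secrets


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 P_hash expansion (RFC 5246, section 5) with HMAC-SHA256."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(A(i) + seed)
    return out[:length]


def derive_keys(premaster: bytes, client_random: bytes, server_random: bytes) -> dict:
    """premaster + both randoms -> master secret -> per-direction keys."""
    master = p_sha256(premaster, b"master secret" + client_random + server_random, 48)
    block = p_sha256(master, b"key expansion" + server_random + client_random, 160)
    # Four traffic keys, plus a dedicated confirmation key (assumption, not TLS).
    names = ("client_mac", "server_mac", "client_enc", "server_enc", "confirm")
    return {n: block[i * 32:(i + 1) * 32] for i, n in enumerate(names)}


def confirm_tag(keys: dict, role: str, transcript: bytes) -> bytes:
    """Key confirmation tag (assumed format): MAC over the role and both randoms."""
    return hmac.new(keys["confirm"], role.encode() + b"|" + transcript,
                    hashlib.sha256).digest()


def check_tag(keys: dict, role: str, transcript: bytes, tag: bytes) -> bool:
    """Constant-time comparison of the peer's tag with the locally computed one."""
    return hmac.compare_digest(confirm_tag(keys, role, transcript), tag)


def demo() -> bool:
    # Constructed sample values. In a real exchange the client picks the
    # premaster secret and sends it under the server's RSA public key.
    premaster = secrets.token_bytes(48)
    client_random, server_random = secrets.token_bytes(32), secrets.token_bytes(32)
    transcript = client_random + server_random
    client = derive_keys(premaster, client_random, server_random)
    server = derive_keys(premaster, client_random, server_random)
    # Each side proves it holds the derived keys before any message flows.
    ok = check_tag(server, "client", transcript, confirm_tag(client, "client", transcript))
    ok &= check_tag(client, "server", transcript, confirm_tag(server, "server", transcript))
    return ok
```

Binding the role into the tag keeps one side's confirmation from being reflected back as the other's.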