The computation of key material (Client/Server MAC Key + Client/Server Cipher Key +
optionally, the Client/Server IV) is all done together.
At the server end, the key material is computed and saved in 'pending write state' and
'pending read state' upon receiving a ClientKeyExchange message from the client. The
key material from the pending-read-state is transferred to active-read-state upon
receiving a ChangeCipherSpec message FROM the client. The key material from the
pending-write-state is transferred to active-write-state after sending a
ChangeCipherSpec message TO the client.
Similarly, at the client end, the key material is computed and saved in 'pending write
state' and 'pending read state' after sending a ClientKeyExchange message TO the
server. The key material from the pending-write-state is transferred to
active-write-state after sending a ChangeCipherSpec message TO the server. The key
material from the pending-read-state is transferred to active-read-state after
receiving a ChangeCipherSpec message FROM the server.
Assuming that the negotiated cipher suite is RSA related, then the
ClientKeyExchange message contains the encrypted-premaster-secret, which is used to
compute the master-secret, which in turn is used to generate the key-material.
----------
Love is like pi -- natural, irrational, and VERY important.
- Lisa Hoffman
>-----Original Message-----
>From: Hegde, Ramdas [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, March 21, 2001 3:03 AM
>To: '[EMAIL PROTECTED]'
>Subject: Generation of encryption key
>
>
>I am trying to figure out when the encryption key is generated when using SSL.
>I currently have an application which has a client and server piece. For the
>purpose of testing I have generated a self-signed certificate using openssl
>req -x509 -text -new -newkey rsa:1024 -out a.pem -md5
>
>I need to generate a new encryption key for every SSL handshake. How do I go
>about doing this?
>
>Ramdas
>______________________________________________________________________
>OpenSSL Project http://www.openssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
>
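
The derivation described in the reply above, as an added example that is not part of the original thread or of OpenSSL's code: the TLS 1.0 PRF (RFC 2246) turns the premaster secret into the master secret and then into one key block that is cut into MAC keys, cipher keys and IVs. The function names, the 3DES/SHA-1 sizes and the sample values are assumptions constructed for illustration; because the client and server randoms feed both steps, every handshake yields new keys.

```python
import hmac

def p_hash(name, secret, seed, length):
    """P_hash data expansion (RFC 2246, section 5)."""
    out, a = b"", seed                                     # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, name).digest()             # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, name).digest()   # HMAC(secret, A(i) + seed)
    return out[:length]

def prf(secret, label, seed, length):
    """TLS 1.0 PRF: P_MD5 keyed with the first half of the secret, XORed
    with P_SHA-1 keyed with the second half."""
    half = (len(secret) + 1) // 2            # halves share a byte if length is odd
    md5 = p_hash("md5", secret[:half], label + seed, length)
    sha = p_hash("sha1", secret[len(secret) - half:], label + seed, length)
    return bytes(x ^ y for x, y in zip(md5, sha))

def derive_key_material(premaster, client_random, server_random,
                        mac_len=20, key_len=24, iv_len=8):
    """Premaster -> master secret -> one key block, cut into six values.
    Default sizes are for a 3DES-CBC/SHA-1 suite (an assumption of this example)."""
    master = prf(premaster, b"master secret", client_random + server_random, 48)
    block = prf(master, b"key expansion", server_random + client_random,
                2 * (mac_len + key_len + iv_len))
    layout = [("client_mac", mac_len), ("server_mac", mac_len),
              ("client_key", key_len), ("server_key", key_len),
              ("client_iv", iv_len), ("server_iv", iv_len)]
    keys, off = {}, 0
    for name, size in layout:
        keys[name] = block[off:off + size]
        off += size
    return keys

# Constructed sample values, not taken from a real handshake.
PREMASTER = b"\x03\x01" + bytes(range(46))
CLIENT_RANDOM_1, SERVER_RANDOM_1 = bytes([0x11]) * 32, bytes([0x22]) * 32
CLIENT_RANDOM_2, SERVER_RANDOM_2 = bytes([0x33]) * 32, bytes([0x44]) * 32

if __name__ == "__main__":
    first = derive_key_material(PREMASTER, CLIENT_RANDOM_1, SERVER_RANDOM_1)
    second = derive_key_material(PREMASTER, CLIENT_RANDOM_2, SERVER_RANDOM_2)
    for name in first:
        print(name, first[name].hex(), "changed" if first[name] != second[name] else "same")
```

The second call reuses the same premaster value on purpose: the keys still change because the randoms differ, which is also what happens when a session is resumed with a cached master secret.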