Thanks. As per my understanding, before sending master key to client, server has to maintain the master key. How can I get this on server side? Is there any code sample or snippet to get this key?
Krishna

On Tue, Aug 23, 2011 at 11:54 PM, Gayathri Sundar <suraj...@gmail.com> wrote:

> Master key is unique per session, and it's the same for both client and server,
> that's the concept behind the SSL handshake. The RFC would state the
> information accurately. Perhaps you can send the master secret as part of
> your application data, to the client, which can decrypt and use.
> Thanks
> --Gayathri
>
> On Tue, Aug 23, 2011 at 12:41 PM, krishnamurthy santhanam <
> krishnamurth...@gmail.com> wrote:
>
>> Thanks. I went through RFC 2246 and understood the Master key
>> generation part. The Master key is generated and I am able to print it on the
>> client side (test C program) using the ssl structure.
>>
>> printf("session A\n");
>>
>> SSL_SESSION *session = SSL_get_session(ssl);
>>
>> SSL_SESSION_print(out, session);
>>
>> for (i=0; i<(unsigned int)session->master_key_length; i++)
>> {
>> BIO_printf(bp,"%02X",session->master_key[i]);
>> }
>>
>> How can I get the same Master key on server side?
>>
>> In my scenario, the server side program is running in C. JDBC clients will
>> establish the connection to the server. Will the same Master key be generated
>> across platforms (JDBC client side)?
>>
>> Any help will be great.
>>
>> Thanks for your time,
>>
>> Krishnamurthy
>>
>> On Mon, Aug 22, 2011 at 9:03 PM, Gayathri Sundar <suraj...@gmail.com> wrote:
>>
>>> Please read the RFC, it would clearly explain how the master secret is
>>> derived, and from that how the read and write keys are derived. With that
>>> you can get to know how to extract the read and write keys. Meanwhile the read
>>> and write keys are available as part of the ssl object.
>>> Check that structure out.
>>>
>>> Thanks
>>> --Gayathri
>>>
>>> On Mon, Aug 22, 2011 at 10:24 AM, krishnamurthy santhanam <
>>> krishnamurth...@gmail.com> wrote:
>>>
>>>> I have more than 100 clients that will connect to my server and
>>>> communicate the data.
>>>> I am implementing SSL on server side to authenticate
>>>> the client certificate (X.509) and also the client will authenticate the server's
>>>> certificate. Once the mutual authentication has completed I have to generate
>>>> master key for encryption and decryption. I am going to use AES for
>>>> encryption and decryption.
>>>>
>>>> I had generated the client and server certificates using the below
>>>> commands and signed by the root,
>>>>
>>>> 1. CLIENT CERTIFICATE:
>>>>
>>>> openssl req -newkey rsa:1024 -sha1 -keyout clientkey.pem -out clientreq.pem
>>>>
>>>> openssl x509 -req -in clientreq.pem -sha1 -extfile openssl.cnf -extensions usr_cert -CA rootcert.pem -CAkey rootkey.pem -CAcreateserial -out clientcert.pem
>>>>
>>>> cat clientkey.pem clientcert.pem rootcert.pem > client.pem
>>>>
>>>> openssl x509 -subject -issuer -noout -in client.pem
>>>>
>>>> 2. SERVER CERTIFICATE:
>>>>
>>>> openssl req -newkey rsa:1024 -sha1 -keyout serverkey.pem -out serverreq.pem
>>>>
>>>> openssl x509 -req -in serverreq.pem -sha1 -extfile openssl.cnf -extensions usr_cert -CA rootcert.pem -CAkey rootkey.pem -CAcreateserial -out servercert.pem
>>>>
>>>> cat serverkey.pem servercert.pem rootcert.pem > server.pem
>>>>
>>>> openssl x509 -subject -issuer -noout -in server.pem
>>>>
>>>> 3. ROOT CERTIFICATE:
>>>>
>>>> openssl req -newkey rsa:1024 -sha1 -keyout rootkey.pem -out rootreq.pem
>>>>
>>>> openssl x509 -req -in rootreq.pem -sha1 -extfile root.cnf -extensions v3_ca -signkey rootkey.pem -out rootcert.pem
>>>>
>>>> cat rootcert.pem rootkey.pem > root.pem
>>>>
>>>> openssl x509 -subject -issuer -noout -in root.pem
>>>>
>>>> Initially I am writing ssl/tls programming for server and client. In
>>>> this I am able to communicate the data between client and server.
>>>>
>>>> I was stuck on master key generation, I have added the below LOC to
>>>> programs to get MASTER KEY,
>>>>
>>>> printf("session A\n");
>>>>
>>>> SSL_SESSION *session = SSL_get_session(ssl);
>>>>
>>>> SSL_SESSION_print(out, session);
>>>>
>>>> It is printing like this,
>>>>
>>>> session A
>>>> SSL-Session:
>>>> Protocol : TLSv1
>>>> Cipher : AES256-SHA
>>>> Session-ID: 9FCE46513DD74882D3FF0E0E84CC4A6BE12192B65C426E0B27D0FA15F81D7D5E
>>>> Session-ID-ctx:
>>>> Master-Key: 56F90B0D90DEB3430207A74793C9B6565744E06ECA191D9DFA04C29B1EE2B7826B602878597465F739AD69091DDF6499
>>>> Key-Arg : None
>>>> Krb5 Principal: None
>>>> Compression: 1 (zlib compression)
>>>> Start Time: 1314015355
>>>> Timeout : 7200 (sec)
>>>>
>>>> Is this the Master key for both the server and client?
>>>>
>>>> Is this the key that should be used for the encryption in client side
>>>> and decryption in server side?
>>>>
>>>> If this is the Master key how can I extract the key?
>>>>
>>>> Please guide me if I understood anything wrong.
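
As an added illustration (not code from this thread or from OpenSSL), here is the RFC 2246 derivation discussed above, using Python's standard hmac and hashlib: both peers feed the same pre-master secret and hello randoms into the PRF, which is why a C server and a Java client hold the same 48-byte master key and the same AES256-SHA read and write keys. The function names and all input bytes are constructed for the example.

```python
import hashlib
import hmac

def p_hash(digest, secret, seed, length):
    """P_hash (RFC 2246, section 5): chained HMAC expanded to `length` bytes."""
    out, a = b"", seed                                   # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()         # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, digest).digest()
    return out[:length]

def tls10_prf(secret, label, seed, length):
    """TLS 1.0 PRF: P_MD5(S1, label + seed) XOR P_SHA-1(S2, label + seed)."""
    half = (len(secret) + 1) // 2                        # halves share one byte if odd
    md5_part = p_hash(hashlib.md5, secret[:half], label + seed, length)
    sha_part = p_hash(hashlib.sha1, secret[-half:], label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))

def master_secret(pre_master, client_random, server_random):
    """48-byte master secret; both peers feed in the same three handshake values."""
    return tls10_prf(pre_master, b"master secret", client_random + server_random, 48)

def key_block_aes256_sha(master, client_random, server_random):
    """Split the key block for AES256-SHA: 20-byte MAC keys, 32-byte keys, 16-byte IVs."""
    block = tls10_prf(master, b"key expansion", server_random + client_random, 136)
    names = [("client_write_MAC_secret", 20), ("server_write_MAC_secret", 20),
             ("client_write_key", 32), ("server_write_key", 32),
             ("client_write_IV", 16), ("server_write_IV", 16)]
    keys, pos = {}, 0
    for name, size in names:
        keys[name] = block[pos:pos + size]
        pos += size
    return keys

if __name__ == "__main__":
    # Constructed handshake values, not taken from any real session.
    pre_master = b"\x03\x01" + bytes(range(46))
    client_random, server_random = bytes(range(32)), bytes(range(32, 64))
    on_client = master_secret(pre_master, client_random, server_random)
    on_server = master_secret(pre_master, client_random, server_random)
    print("Master-Key:", on_server.hex().upper(), on_client == on_server)
    for name, value in key_block_aes256_sha(on_server, client_random, server_random).items():
        print(name, value.hex())
```

In OpenSSL the server reads the value from its own SSL object the same way the client code in the thread does, by calling SSL_get_session(ssl) once the handshake has completed.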