On 2007.03.01 at 14:12:55 -0600, Dinh, Thao V CIV NSWCDD, K72 wrote: > > Questions: > 1) each peer can independently compute the shared secrete ???? What is > meant ?? Client has one shared key, Server has different shared key???
It is meant that only public keys are transferred over network. Then each party independently performs some calculations, involving public key which was recieved from other party and voila - they both got same number as a result. This number is called shared secret, because it is same for both parties. > 2) How do Server decrypt the message encrypt by client ?? Because they both have same shared number, and this number is very long (say 1024 bits), it can be used as key for symmetric cipher algorithm. Mathematics is quite simple. First both sides agree on some BIG numbers p and q Then first side selects big number x, and second - big number y. Then first side raises p into power of x, and second - p into power of y modulo q (i.e remainder of division p^x and p^y by q). They send these numbers over network. There is no way to calculate x from p^x mod q, so third party cannot find neither x, nor y. Then first side raises p^y (recieved from second party) into power x (it knows x, because it have choosen it and keeps it) and second p^x into power y. But by the laws of mathematics (p^x)^y = (p^y)^x = p^(x*y). So now both parties have same number. > Pleas help. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
