I have a cipher suit : TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA What is It meant "TLS_DHE_RSA" ???? Combine between RSA with Diffie-Hellman ?? RSA is key transport. DH is key agreement. How do they use together ?? Please help.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Xiaoyu Ruan Sent: Thursday, March 01, 2007 15:30 To: openssl-users@openssl.org Subject: RE: Question about Diffie-Hellma Here is how DH works: 1. server determines p, q, sends p and q to client. 2. server selects a random number priv_key_s, computes pub_key_s = q^priv_key_s mod p, sends pub_key_s to client. 3. client selects a random number priv_key_c, computes pub_key_c = q^priv_key_c mod p, sends pub_key_c to client. 4. server computes shared_secret = pub_key_c^priv_key_s mod p. 5. client computes shared_secret = pub_key_s^priv_key_c mod p. Now server and client both have the same shared_secret, which is used in the symmetric cryptography like AES, DES, etc. Notice that DH itself is not an encryption scheme. DH is used for establishing a symmetric key between two parties. -Xiaoyu ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dinh, Thao V CIV NSWCDD, K72 Sent: Thursday, March 01, 2007 3:13 PM To: openssl-users@openssl.org Subject: Question about Diffie-Hellma Hi All I have a hard time to understand Diffie-Hellia Key agreement. This is a DH structure Typedef structure dh_st { BEGIUM *p; BEGIUM *q; BEGIUM *pub_key; BEGIUM *priv_key; } According to Openssl Book " p and q, each pair chooses a random large integer priv_key member. A value for pub_key member is computed form the pub_key member and shared with peer. ...Using the value of priv_key and the peer's pub_key, each peer can independendly compute the shared secrete. Questions: 1) each peer can independently compute the shared secrete ???? What is meant ?? Client has one shared key, Server has different shared key??? 2) How do Server decrypt the message encrypt by client ?? Pleas help. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]