Dinh, Thao V CIV NSWCDD, K72 a écrit :
I have a cipher suit :
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
What is It meant "TLS_DHE_RSA" ???? Combine between RSA with
Diffie-Hellman ?? RSA is key transport. DH is key agreement. How do they
use together ?? Please help.
When we use Ephemeral DH, we need to use a (RSA or DSS) certificate. So
the DHE is for key establishment, and RSA signature is to authenticate
the DHE key to avoid man in the middle attack.
Best regards,
Badra
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Xiaoyu Ruan
Sent: Thursday, March 01, 2007 15:30
To: openssl-users@openssl.org
Subject: RE: Question about Diffie-Hellma
Here is how DH works:
1. server determines p, q, sends p and q to client.
2. server selects a random number priv_key_s, computes pub_key_s =
q^priv_key_s mod p, sends pub_key_s to client.
3. client selects a random number priv_key_c, computes pub_key_c =
q^priv_key_c mod p, sends pub_key_c to client.
4. server computes shared_secret = pub_key_c^priv_key_s mod p.
5. client computes shared_secret = pub_key_s^priv_key_c mod p.
Now server and client both have the same shared_secret, which is used in
the symmetric cryptography like AES, DES, etc.
Notice that DH itself is not an encryption scheme. DH is used for
establishing a symmetric key between two parties.
-Xiaoyu
________________________________
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dinh, Thao V CIV
NSWCDD, K72
Sent: Thursday, March 01, 2007 3:13 PM
To: openssl-users@openssl.org
Subject: Question about Diffie-Hellma
Hi All
I have a hard time to understand Diffie-Hellia Key agreement. This is a
DH structure
Typedef structure dh_st
{
BEGIUM *p;
BEGIUM *q;
BEGIUM *pub_key;
BEGIUM *priv_key;
}
According to Openssl Book " p and q, each pair chooses a random large
integer priv_key member. A value for pub_key member is computed form the
pub_key member and shared with peer. ...Using the value of priv_key and
the peer's pub_key, each peer can independendly compute the shared
secrete.
Questions:
1) each peer can independently compute the shared secrete ???? What is
meant ?? Client has one shared key, Server has different shared key???
2) How do Server decrypt the message encrypt by client ??
Pleas help.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
--
Mohamad Badra
CNRS - LIMOS Laboratory
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
