On Fri, Feb 01, 2013 at 10:05:15AM +1300, T J wrote:
> >These are sufficient to generate a session unique key via a suitable KDF
> >salted with an application-specific string.
>
> OK, great. So I get the master key and run it through the a KDF and
> I get a 256 bit encryption key for use in my application. Sounds
> easy...
Not just the master key, also the client_random, server_random
(from the SSL handshake) and a *fixed* application-specific salt,
that yields a different key than another application might derive
under the same conditions.
> Question 1: previously, you said:
> > ... the expansion function of HKDF is a reasonable choice. ...
> but now you mention salt which implies I should also use the
> extraction stage. If the salt is random, doesn't that mean the
> client and server would end up with different keys?
The salt is the same on client and server.
> Question 2: Where do the client_random and server_random values
> come from and what are they for?
The SSL handshake, IIRC the master secret does not change when a
session is reused, but client random and server_random do.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
