This preview shows page 1. Sign up to view the full content.
Unformatted text preview: s (IV) required to encipher the data.
VPN IPsec IKE v2 TLS M. Mogollon – 01/08 - 43 • In this phase, the client and server update the cipher_spec with the newly agreed-upon encryption
algorithms, keys, and hash functions. Then, the client sends a finished message to verify that the
key exchange and authentication processes were successful. The finished message is the first
protected message with the just-negotiated encryption algorithms, hash functions, and symmetric
encrypting keys. The finished message is hashed as follows:
• MD5(master_secret || pad2 || MD5(handshake_messages || Sender || master_secret || pad1));
• SHA(master_secret || pad2 || SHA(handshake_messages || Sender || master_secret || pad1));
• Where pad1 and pad 2 are the values defined in the MAC, “handshake” refers to all handshake
messages exchanged, and “sender” is a code that identifies whether the sender is a client
(0x434C4E54) or a server (0x53525652).
• No acknowledgment of the finished message is required and, at this point, client and server may
begin sending confidential data immediately after sending the finished message. 43 VPN, IPSec and TLS Key Calculation - Pre Master Key Generation
Client Web Server Method 1 RSA – 48-byte Generated by the Client
Secret Key Pre
Master Key Encipher Decipher RSA RSA Pre
Master Key Method 2: Diffe-Hellman
Key Exchange Diffie-Hellman
Key Exchange Pre
Master Key Pre
Master Key VPN IPsec IKE v2 TLS M. Mogollon – 01/08 - 44 • In the client key-exchange message, the client sets the pre-master key either though direct
transmission of the RSA-encrypted secret, or by the transmission of the client Diffie-Hellman
public key, which will allow each side to agree upon the same pre-master secret. When the keyexchange method is DH_RSA or DH_DSS, client certification has been requested, and the client is
able to respond with a certificate. The Diffie-Hellman public-key parameters (group and generator)
match those specified by the server in its certificate; otherwise, the client proposes its own DiffieHellman public-key parameters (group and generator).
• The RSA or Diffie-Hellman parameters for the pre_master key are the f...
View Full Document
This note was uploaded on 05/26/2010 for the course TECH 6350 taught by Professor Mogollon during the Spring '10 term at University of Arkansas for Medical Sciences.
- Spring '10