Thursday 25 July 2024

MTLS in root level detail

https://www.techtarget.com/searchsecurity/definition/mutual-authentication


The steps required for mutual authentication include the following:

  1. Client sends a "Client Hello" message to the server that includes the TLS versions, the cipher suites and data compression methods the client uses.
  2. The server responds with a "Server Hello" message that has its TLS, cipher suite and data compression choices from among the options the client provided.
  3. The server also provides a session ID and a client certificate request.
  4. The server sends its digital certificate, along with its public key.
  5. The server sends a "Server Hello Done" message.
  6. The client verifies the server's certification information.
  7. The client sends session key information, encrypted with the server's public key.
  8. The server decrypts the data sent using its private key. The data is used to create a symmetric key.
  9. The client sends its digital certificate, which includes its public key.
  10. The client sends a "Certificate Verify" message, which is signed using its private key.
  11. The server verifies the client's certificate and "Certificate Verify" message using the client's public key.
  12. The client and the server exchange "Finished" messages, encrypted with the symmetric key.


https://stackoverflow.com/questions/3936071/how-does-browser-generate-symmetric-key-during-ssl-handshake


  1. The client generates the 48 byte “pre-master secret” random value.
  2. The client pads these bytes with random data to make the input equal to 128 bytes.
  3. The client encrypts it with server's public key and sends it to the server.
  4. Then the master key is produced by both parties in the following manner:

    master_secret = PRF(
        pre_master_secret,
        "master secret",
        ClientHello.random + ServerHello.random
    )
Technical detail:
https://www.moserware.com/2009/06/first-few-milliseconds-of-https.html
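As an added example (my own code, not from the quoted answer or either linked page), here is the TLS 1.2 derivation from the Stack Overflow answer in Python: the 48-byte pre-master secret with its 2-byte client-version prefix (RSA key exchange, RFC 5246 section 7.4.7.1), the P_SHA256-based PRF of RFC 5246 section 5, and client and server arriving at the same master_secret. The ClientHello/ServerHello randoms are constructed inline, and the RSA encryption of the pre-master secret on the wire is left out.

```python
import hashlib
import hmac
import os


def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 from RFC 5246 section 5: HMAC chained until `length` bytes exist."""
    out = b""
    a = seed                                                    # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()        # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_hash(secret, label + seed, length)


def make_pre_master_secret(client_version: bytes = b"\x03\x03") -> bytes:
    """RSA key exchange pre_master_secret: 2-byte client version + 46 random bytes = 48 bytes."""
    return client_version + os.urandom(46)


def master_secret(pre_master_secret: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """master_secret = PRF(pre_master_secret, "master secret", client_random + server_random), 48 bytes."""
    return prf(pre_master_secret, b"master secret", client_random + server_random, 48)


def simulate_handshake_secret() -> tuple:
    """Constructed randoms: both ends derive the master secret from identical inputs."""
    client_random = bytes(range(32))                 # constructed ClientHello.random
    server_random = bytes(range(32, 64))             # constructed ServerHello.random
    pms = make_pre_master_secret()                   # generated by the client, sent RSA-encrypted
    client_side = master_secret(pms, client_random, server_random)
    server_side = master_secret(pms, client_random, server_random)  # server decrypted the same pms
    return client_side, server_side


if __name__ == "__main__":
    c, s = simulate_handshake_secret()
    print(c.hex(), c == s)
```

Because both randoms enter the PRF seed, a replayed pre-master secret against a fresh ServerHello.random yields a different master secret, which is why the server random must actually be fresh per handshake.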
