0

I was wondering if in SSL/TLS negotiation process, there is another role for the RSA permanent private key in ECDHE-RSA-AES scheme besides signing the DH public key for authenticating the identity of the server in front of the client??

I know that in prior versions of SSL/TLS, the RSA permanent private key was also used for decrypting some initial information.

BitterBobby
  • 1
  • One important tip regarding key use: Use the key only for one operation. Not multiple. Using it for multiple operations increases the possibility of key discovery – Limit Oct 26 '16 at 20:49
  • @Limit using the same RSA keypair for both RSA key exchange (key encipherment) and signing a DH key exchange (digital signatures) is secure. Well, as long as you accept PKCS#1 v1.5 as secure. TLS 1.3 switched to RSASSA-PSS. – Z.T. Oct 26 '16 at 20:59
  • @Z.T. it may be secure but I will still not recommend it. Plus, http://security.stackexchange.com/questions/1806/why-should-one-not-use-the-same-asymmetric-key-for-encryption-as-they-do-for-sig – Limit Oct 26 '16 at 21:18

1 Answers1

1

No, in TLS_DHE_RSA_* and TLS_ECDHE_RSA_* cipher suites, RSA is used by the server only to generate digital signatures and by the client only to verify digital signatures.

Z.T.
  • 7,963
  • 1
  • 22
  • 36