0

As I understood a simplified ECDH-RSA key exchange protocol works like below

  1. Alice request Bob for its ECDH public key
  2. Bob generates ECDH parameters and sign them with a CA provided RSA certificate. And Bob sends ECDH parameters and the signature.
  3. Alice verifies the signature and then share it's own public key
  4. Now both Alice and Bob have a common shared sceret key.

Could below scenario possible?

  1. Same as above
  2. Eve keeps a copy of Bob's public key. Eve doesn't modify the key so when Alice check the signature it is valid.
  3. When Bob share his public key, Eve keep Alice's public key and send his own public key to Bob.

Now there is a shared secret between Eve and Bob. But the shared secret Alice will compute will be different as Alice computes shared secret with Bob's Public Key and his own private key.

Eve has Alice's Public key, Bob's Public Key and his own private key. Is there any way Eve can generate the same secret key as alice? Or can Eve intercept the key in any other way for the above protocol?

gmtek
  • 101
  • This description is for **ECDHE-RSA** in SSL/TLS (only; other protocols vary); the second E means ephemeral. There also exist ECDH-x nonephemeral/'static' suites that use a long-term key, but these are rarely if ever used. Also to be pedantic: ECDHE-RSA signs ServerKX with the RSA key in a certificate; this cert is _usually_ CA-issued but not always. – dave_thompson_085 Nov 06 '17 at 14:02

1 Answers1

1

No. The private keys are never sent and generating Alice's private key from the public key is viewed as impossible with current technology (assuming the algorithm implementations and parameter selections are secure).

See this answer for a description of Diffie Hellman and how the shared secrets can be constructed without sharing all parameters required to build the shared key.

Hector
  • 10,923
  • 3
  • 41
  • 44