0

After reading the excellent answers here and documents about how SSL works. I have a doubt about what the function of the ClientKeyExchange step is. In the above linked answer and document it says that the client part of the key is sent encrypted via the server public key.

So does that mean that the client is responsible for selecting the symmetric key that is used to encrypt/decrypt the actual data ?

If so then can the client be trusted enough to generate a strong encryption key ?

What is the role of the server in the symmetric key generation ?

ng.newbie
  • 275
  • 2
  • 6

1 Answers1

2

... that the client is responsible for selecting the symmetric key ...

The keys used for symmetric encryption are not created by the client alone. With RSA key exchange the client creates the pre-master secret and transfers it encrypted with the servers public key to the server. The master secret is then computed based on client and server data. From RFC 5246 (TLS 1.2) section 8.1:

  master_secret = PRF(pre_master_secret, "master secret",
                      ClientHello.random + ServerHello.random)
                      [0..47];

And from this master secret the keys for encryption and MAC and the IV are derived, as specified in section 6.3 "Key Calculation".

For DH key exchange already the pre-master secret is generated by combining information from client and server. Generating master secret from pre-master stays the same.

Community
  • 1
Steffen Ullrich
  • 190,458
  • 29
  • 381
  • 434
  • So correct me if I am wrong. But the reason no one else can compute the master key is because no one else knows about the client random right? The client random is the only thing that is shared with the server that is encrypted via the server public key. So this means that in a sense the client is the one who is choosing the key since the serverrandom is actually out in the open. – ng.newbie Dec 11 '17 at 13:02
  • @ng.newbie: client and server random are in clear text on the wire. The reason an attacker cannot computer the master key is because he does not know the pre-master key. And this is because (to cite myself) *"and transfers it __encrypted__ with the servers public key to the server"*. – Steffen Ullrich Dec 11 '17 at 14:30
  • Yeah so then would I be correct in saying that only the client part of the key is sent encrypted? The serverrandom is sent as clear text, correct? – ng.newbie Dec 11 '17 at 14:33
  • @ng.newbie: there is no such thing as a client part. There are client and server random (not encrypted) and pre-master-secret (encrypted). But the main part in terms of size and thus relevance for creating the encryption key and therefore the main thing to protect is the pre-master secret. – Steffen Ullrich Dec 11 '17 at 16:11