
I know that in TLS 1.2 the client generates PMS (Pre Master Secret) which is used to get master_secret and Key_Block.

Where Key_Block combined with client_random and server_random gives us: clientMAC, serverMAC, clientWrite and serverWrite.

For example clientWrite is used to encrypt all messages from client to server.

What I don't understand is which key the server uses to encrypt the messages it gets and which one the client uses?

schroeder
dan
  • Do you mean "which key the server uses to _decrypt_ the messages it gets"? It doesn't make any sense to encrypt a message you're receiving. Also, you already mentioned that `clientWrite` is used to encrypt messages from client to server, so it's the key used by the server for decryption... which hopefully makes it obvious which key the server uses for encryption (and the client for decryption). These are symmetric keys, you use the same one for encrypt and decrypt. – CBHacking Jul 26 '22 at 00:57
  • Thanks, I didn't know it's symmetric. Kindly publish as an answer so I can accept @CBHacking – dan Jul 26 '22 at 06:49
  • It sounds like you missed the stage where there is a key exchange. The linked dupe has 2 answers that explain it all in detail. – schroeder Jul 26 '22 at 08:02

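The key derivation discussed in this thread, as an added example that is not part of the original question or comments: it follows the TLS 1.2 PRF and key_block partitioning from RFC 5246 for a CBC suite with HMAC-SHA256, and shows that both endpoints hold the same four direction-specific keys. The secrets and randoms are constructed sample values, `derive_keys` and `demo` are hypothetical helper names, and the record MAC is simplified (a real one also covers the sequence number and record header).

```python
import hashlib
import hmac

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    return p_sha256(secret, label + seed, length)

def derive_keys(pms, client_random, server_random, mac_len=32, key_len=16):
    """Derive the direction-specific keys for a suite such as
    TLS_RSA_WITH_AES_128_CBC_SHA256 (32-byte MAC keys, 16-byte cipher keys)."""
    master = prf(pms, b"master secret", client_random + server_random, 48)
    # Key expansion uses the randoms in the opposite order.
    block = prf(master, b"key expansion", server_random + client_random,
                2 * mac_len + 2 * key_len)
    layout = [("client_write_MAC_key", mac_len), ("server_write_MAC_key", mac_len),
              ("client_write_key", key_len), ("server_write_key", key_len)]
    keys, pos = {}, 0
    for name, size in layout:
        keys[name] = block[pos:pos + size]
        pos += size
    return keys

# Constructed sample values, not taken from a real handshake.
PMS = b"\x03\x03" + bytes(range(46))
CLIENT_RANDOM = bytes([0xC1]) * 32
SERVER_RANDOM = bytes([0x5E]) * 32

def demo():
    client = derive_keys(PMS, CLIENT_RANDOM, SERVER_RANDOM)  # client's computation
    server = derive_keys(PMS, CLIENT_RANDOM, SERVER_RANDOM)  # server's computation
    record = b"GET / HTTP/1.1"
    # Client to server: the client protects the record with client_write_MAC_key.
    tag = hmac.new(client["client_write_MAC_key"], record, hashlib.sha256).digest()
    # The server checks it with its own copy of that same key.
    ok = hmac.compare_digest(
        tag, hmac.new(server["client_write_MAC_key"], record, hashlib.sha256).digest())
    # The key the server uses for its own outgoing records does not match.
    wrong = hmac.compare_digest(
        tag, hmac.new(server["server_write_MAC_key"], record, hashlib.sha256).digest())
    return client == server, ok, wrong
```
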