5

From what I read, in TLS, the master secret is used to generate the following:

  • a symmetric key to encrypt the SSL records.
  • an IV (initialization vector)
  • a key for Message Authentication Code (MAC)

I'm not sure what the term "session keys" stands for: is it the symmetric key only, or is it the ensemble of all keys derived from the master secret?

Rahil Arora
  • 4,307
  • 2
  • 23
  • 41
ling
  • 173
  • 1
  • 8

1 Answers1

8

The RFC for TLS does not contain or define the term Session Key. It simply says:

The master secret is expanded into a sequence of secure bytes, which is then split to a client write MAC key, a server write MAC key, a client write encryption key, and a server write encryption key. Each of these is generated from the byte sequence in that order. Unused values are empty. Some AEAD ciphers may additionally require a client write IV and a server write IV.

Therefore, there is no official definition of a Session Key in the context of SSL/TLS. However, in general, a session key is simply a symmetric key, which is only valid for a particular communication session. Now, this key can be either used as an encryption key or a MAC key. It simply has to be a symmetric and valid for a particular session. In context of TLS, people usually use the term session keys for the four keys derived from the Master Secret (client write MAC key, server write MAC key, client write encryption key, and server write encryption key). For example: the author of this awesome blog article "The First Few Milliseconds of an HTTPS Connection" has used the term for the above mentioned four keys.

PS: I highly recommend reading the linked article, if you really want get an in depth understanding of SSL/TLS.

Rahil Arora
  • 4,307
  • 2
  • 23
  • 41
  • I recommend also http://crypto.stackexchange.com/questions/1139/what-is-the-purpose-of-four-different-secrets-shared-by-client-and-server-in-ssl . To be complete, AEAD in 1.2 (only) may have derived IVs (really nonces) but does NOT have separate encryption and MAC keys as the other modes do; and 1.0 and SSL3 have derived IVs for CBC, which caused the vulnerability to BEAST and other Vaudenay-type attacks. – dave_thompson_085 Dec 15 '14 at 08:40