cryptography - Explain Key Block and master secret with padding and encryption in SSL/TLS?
How to see the encrypted key in Wireshark during SSL key exchange?
Referring to this answer to the question:
Could you explain why the pre-master is encrypted to 128 bits, and how an RSA public key of 2048 bits can encrypt 48 bits of data to 128 bits, because the client and server confirm and use symmetric encryption after the change_cipher_spec record.
The key is expanded to 136 bits, the master secret padded, and used in encryption.
Can you explain the use/generation of the "key-block" in SSL/TLS?
Why have a client_write_key and a server_write_key if using symmetric encryption? Wouldn't a single key be used for both encryption and decryption?
And having 2 different MAC keys, would they produce the same result for a message sent authenticated if securely client and server, and not exchanged?
> Could you explain why the pre-master is encrypted to 128 bits, and how an RSA public key of 2048 bits can encrypt 48 bits of data to 128 bits
It doesn't. The pre-master secret is 48 bytes, and the encryption is 128 bytes, including padding, and the public key length of 2048 bits has nothing to do with that.
> because the client and server confirm and use symmetric encryption after the change_cipher_spec record.
Correct. So?
> The key is expanded to 136 bits, the master secret padded, and used in encryption.
The key expansion is 136 bytes; it is not the master secret; and it is used to generate the symmetric session key and IVs.
> Can you explain the use/generation of the "key-block" in SSL/TLS?
Never heard of it. The term 'key-block' does not appear in RFC 2246.
> Why have a client_write_key and a server_write_key if using symmetric encryption? Wouldn't a single key be used for both encryption and decryption?
Apparently a different key is used in each direction.
> And having 2 different MAC keys, would they produce the same result for a message sent authenticated if securely client and server, and not exchanged?
Please define 'securely client and server'.
To answer these questions you should see RFC 2246 #6.3 Key calculation. It's pretty pointless to paraphrase it here. I don't intend to attempt it.