使用SSL / TLS中的填充和加密解释密钥块和主密钥? [英] Explain Key Block and master secret with padding and encrytion in SSL/TLS?
问题描述
How to see the encrypted key in wireshark, during ssl key exchange?
参考这个回答对于这个问题:
您能解释为什么预加密的主加密是128位,2048位的RSA公钥如何加密48位数据到128位,因为客户端和服务器仅在Change_Cipher_Spec记录之后才确认并使用对称加密。
Could you explain why does the Pre-master encrypted is 128 bits, how does RSA public key of 2048 bits encrypt 48 bits data to 128 bits, because the client and server confirms and use the symmetric encryption only after the Change_Cipher_Spec record.
密钥扩展到136位,
The key expanded to 136 bits, is it the Master Secret padded and where is this used in encryption.
您可以解释在SSL / TLS中使用/生成key-block吗?
Can you explain the use/generation of "key-block" in SSL/TLS ?
为什么我们有client_write_key和server_write_key,如果我们使用对称加密,加密和解密都不会使用单个密钥。
Why we have client_write_key and server_write_key if we are using symmetric encryption, wouldn't a single key be used for both encryption and decryption.
两个不同的MAC密钥,如果它们与客户端和服务器安全地并且不交换,则它们将对要被认证的消息发送产生相同的结果。
And having two different MAC keys, would they produce the same result for message send to be authenticated if they are securely with client and server and not exchanged.
推荐答案
您能解释为什么Pre-master加密是128位,RSA 2048位密钥加密48位数据到128位
Could you explain why does the Pre-master encrypted is 128 bits, how does RSA public key of 2048 bits encrypt 48 bits data to 128 bits
它不会。预主密钥是48字节,并且其加密是128字节,包括填充,并且2048位的公钥长度与此无关。
It doesn't. The pre-master secret is 48 bytes, and its encryption is 128 bytes, including padding, and the public key length of 2048 bits has nothing to do with that.
因为客户端和服务器仅在Change_Cipher_Spec记录之后才确认并使用对称加密。
because the client and server confirms and use the symmetric encryption only after the Change_Cipher_Spec record.
正确。那么?
密钥扩展到136位,是主密钥填充,并在加密中使用。
The key expanded to 136 bits, is it the Master Secret padded and where is this used in encryption.
键扩展是136个字节;它不是主秘密;并且它用于生成对称会话密钥和IV。
The key expansion is 136 bytes; it is not the Master Secret; and it is used to generate the symmetric session key and the IVs.
您可以解释使用/生成SSL / TLS中的key-block?
Can you explain the use/generation of "key-block" in SSL/TLS?
从未听说过。
为什么我们有client_write_key和server_write_key,如果我们使用对称加密,
Why we have client_write_key and server_write_key if we are using symmetric encryption, wouldn't a single key be used for both encryption and decryption.
显然每个方向都使用不同的键。
Apparently a different key is used in each direction.
有两个不同的MAC密钥,如果它们与客户端和服务器安全地进行交换,它们将对消息发送产生相同的结果, / p>
And having two different MAC keys, would they produce the same result for message send to be authenticated if they are securely with client and server and not exchanged.
请使用客户端和服务器安全地定义。
Please define 'securely with client and server'.
您应该会看到 RFC 2246 #6.3 键计算。这对于任何人在这里为你解释一切都是毫无意义的。我不打算尝试。
To answer all these questions you should see RFC 2246 #6.3 Key calculation. It's pretty pointless for anyone to paraphrase it all for you here. I don't intend to attempt it.
这篇关于使用SSL / TLS中的填充和加密解释密钥块和主密钥?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
