Does private key is required on web server during SSL communication? I've read:
In SSL, each party calculates the secret key individually using random
values known to each side. The parties then send messages encrypted
using the secret key
and
The private key is a randomly generated key for the session and is not
stored.
Above quotations relate Oracle Application Server SSL communication, but I think it should concern general SSL communication. Could you explain, what is role of private key (so far I think private key is required on web server during SSL).
Yes, the private key is required during the SSL handshake as it is used to prove that the server is indeed the owner of the Public Key of the deployed certificate.
But the Public/Private key pair are not used for encryption of the application messages. They are used only in the handshake which creates in the process a shared key by cryptographic parameters transmitted to the client in order to calculate it and used for the symmetric encryption of data after the handshake completes succesfully.
Related
I came across a mbedTLS example on an embedded device and i see a server certificate validation (github.com as example) before downloading a firmware but the only certificate/key coded is the one of github (the CA chain, rather than the github cert itself).
My questions are:
If i perform a server CA verification do i only need the CA certs right?
After the verification of the server, is the communication between the two encrypted at all, meaning is the firmware file exposed in clear or is it crypted? Is the encryptiong done using the private key of the server? (which i suppose it is on the github server). If not what's the use of the server private key? Integrity?
Do i also need a client private key to establish an encrypted connection? If not is the client private key supposed to do the same thing of the server private key but on client side?
I've a general idea of what the answers are but i need certainties.
Regards,
If i perform a server CA verification do i only need the CA certs right?
correct
After the verification of the server, is the communication between the two encrypted at all, meaning is the firmware file exposed in clear or is it crypted? Is the encryptiong done using the private key of the server? (which i suppose it is on the github server). If not what's the use of the server private key? Integrity?
The validation of the servers certificate is part of the TLS handshake but not the end of the handshake. Only after the handshake is completed data are encrypted but also no application data are transferred before the handshake is completed. Thus, a firmware transferred over TLS is encrypted with whatever cipher client and server agreed on - which may be a weak or a strong cipher.
The application data are not encrypted by any private key but by symmetric cryptography. For more details see How does SSL/TLS work.
Do i also need a client private key to establish an encrypted connection? If not is the client private key supposed to do the same thing of the server private key but on client side?
A client does not need a private key for encryption. Apart from that the servers private key should be kept secret (private) and therefore it should not be possible that the client can just use the servers private key. Again, see How does SSL/TLS work for details.
Please help me fill out the blanks here -
The server keeps its private key and the public key is shared to the users. So the client trusts the content thats coming from the server using the public key. How does the client encrypt the contents he is sending back to the server ?. Using the public key of the server ? or does the client send a autogenerated private key and encrypts it using the public key which is then decypted by the server along with the message and used for furthter communication by both parties.
A Public and a Private key is required to do ssl communication. This Key pair is generated using a self signed certificate ?. How can a single self signed certificate contain both public and private keys.
One more thing On message level security -- im looking at a current configuration and am pulling my hair out -- Using IBM Ikeyman to look at the producer and Consumer JKS files-- for Message level security(Digital Signing) there is a Personal certificate at the Consumer and a Signer certificate at the Producer ... Isnt this the other way around? Is this current configuration incorrect --- Both the keys are same by the way.
The server keeps its private key and the public key is shared to the users.
Correct.
So the client trusts the content thats coming from the server using the public key.
No. There is no 'so' about it. The client trusts the server certificate because it is signed by someone he trusts, and he knows it belongs to the server because the server provides a digital signature that the client can verify, which only the private key owner can do. Therefore he knows that the server owns that public key.
How does the client encrypt the contents he is sending back to the server ?.
The client and server negotiate a shared session key independently using techniques described in RFC 2246. For the most part they don't involve PKI at all.
Using the public key of the server? or does the client send a autogenerated private key and encrypts it using the public key which is then decypted by the server along with the message and used for furthter communication by both parties.
Neither, see above. This is quite a large subject.
A Public and a Private key is required to do ssl communication.
No. One of the parties must have a private key and a corresponding certificate that the other party trusts, otherwise the communication is insecure.
This Key pair is generated using a self signed certificate
No. The statement doesn't even make sense. Key pairs are generated first, nothing to do with certificates yet. The certificate is a wrapper for the public key.
How can a single self signed certificate contain both public and private keys.
It can't, and it doesn't. Self-signing doesn't have anything to do with it either.
Public-key encryption 101:
The public and private keys form a pair: each key in the pair can decrypt messages encrypted with the other, but cannot decrypt messages encrypted with itself. If the client can decrypt a message with the public key, it knows the message was encrypted by the owner of the public key. Conversely, a message encrypted with the public key can only be decrypted by the owner of the private key.
The basic idea is that the client generates a key for a symmetric-key cypher, encrypts it with the public key, and sends that to the server. Both sides then use that symmetric key and cypher for the majority of the communication.
In SSL communication,when the client wants to interact with some server, the server sends its public key. Always remember a certificate is nothing but a public key with a bunch of supporting information.
The problem here is any hacker can masquerade as a server and can block the communication between server and client. So the server certificate must be signed by some certificate authority. The client only believes the server certificate if it is signed by a certificate authority.In that case the hacker in between can not masquerade as a server because its certificate will not be authenticated by the certificate authority.
So client accepts the certificate and gets the public key of server. Now the client can send its public key encrypted by the public key of the server. Since this encrypted message can only be decrypted by the private key of the server so only server can decrypt it.
But the use of public key and private key over the ssl communication can slow down the connection very much because these keys lengths are 1024 or 2048 bits.
So practically what happens is instead of sending its own public key, the client sends the symmetric key encrypted by the public key of the server. Server decrypts it with its private key and it gets to know the symmetric key. Now the further communication happens with this symmetric key encryption and decryption.Since no third party gets to know the symmetric key, the communication will be secure.
Remember symmetric key lengths are generally 64-128 unlike public keys hence less the time for encryption and decryption.
Let's say we have a Server with a private and public key, the latter available to all Clients and we have a Client who doesn't have any asymmetrical keys of his own. We want to establish secure communication between the Server and the Client and the Client has to ensure Server's authenticity. This is a pretty common situation.
Now, it is my understanding that private/public key pair is usually used in such situations only to ensure authenticity (our Client can use the Server's public key to verify the Server's authenticity). To ensure two-sided communication between the Server and the Client Diffie–Hellman key exchange is used and the communication is then based on a shared secret key.
I can't stop by wonder why Diffie-Hellman is used at all in such situations. From what I understand Public-Key Cryptography could be used to both ensure authenticity AND to share a secret key between the Client and the Server. Server can send to Client a message encoded with its private key and Client can decode it using Server's public key to confirm its identity. Furthermore Client could use the Server's public key to send a new random secret key to the Server. Only Server would know this secret key as only Server knows his private key. I know some people advice not to use a public key to both encode and decode but nobody says why.
Obviously if both Client and Server had their own public/private keys they wouldn't even need to share any secret keys, but that's not a typical situation.
So... to sum it up. Why is Diffie-Hellman used instead of Secret Key Distribution with a Public-Key Cryptography? Any advantages?
I can't stop by wonder why Diffie-Hellman is used at all in such
situations. From what I understand Public-Key Cryptography could be
used to both ensure authenticity AND to share a secret key between the
Client and the Server.
Both Diffie-Hellman and RSA key exchange (where RSA is used for encryption) can be used with SSL/TLS. This depends on the cipher suite.
Server can send to Client a message encoded with its private key and
Client can decode it using Server's public key to confirm its
identity.
This is indeed what happens with DH key exchange with RSA or DSS authentication: the server signs its DH parameters using its private key, and the client can verify the signature.
Furthermore Client could use the Server's public key to send a new
random secret key to the Server. Only Server would know this secret
key as only Server knows his private key.
This is more or less what happens with RSA key exchange: the client encrypts the pre-master secret, which only the server can decipher.
You can read about all this in the Authentication and Key Exchange section of the TLS specification (leaving aside the anonymous key exchange). The choice of cipher suites (See Appendix A.5 and C), which depends on how the client and the server have been configured, will determine the key exchange mechanism used.
Fixed DH exchange is rather rare as far as I know. Ephemeral DH (DHE cipher suites) is more common. It can provider "Perfect Forward Secrecy": even if attackers get hold of the private key, they can't decipher existing traffic, since they would also need to have the DH parameters, which are not the same for all connections. However, this has a cost in terms of performance. You can find more on this topic in this article.
. Why is Diffie-Hellman used instead of Secret Key Distribution with a Public-Key Cryptography? Any advantages?
Ans: let's assume a hacker has been tracking the all messages exchanged between client and server and saving messages , but he can not decrypt those messages because he does not know the shared symmetric key. If private key of server is revealed then in case of diffie-hellman hacker still can not decrypt the messages because diffie Hellman algorithm never send the secret key on wire instead client and server agrees on same key without sharing, it's kind of key agreement algorithm not sharing. To attack diffie Hellman man in the middle should be live and should know server private key which was used for authentication. But in our case hacker has past diffie Hellman messages, so he can not use man in the middle attack. Meanwhile server changes it's private key so there is no damage. But if we use RSA keys to share secret key then on the disclosure of server's private key hacker can get all session symmetric secret keys and can decrypt all the past messages.
I was looking into SSL and some of the steps that are involved to set up an encrypted connection between a server and a client computer.
I understand that a server key and certificate is sent to the browser, and that a secret code is being calculated, like they say in the following video:
http://www.youtube.com/watch?v=iQsKdtjwtYI
around 5:22, they talk about a master secret code that is being calculated to start talking in an encrypted way.
My question now is: before the connection is actually encrypted (the handshake phase), all communication between the server and the client can be sniffed by a packet sniffer. Isn't it then possible to sniff the encryption key or other data that is used to set up a secure connection?
From the Wikipedia summary, I think the key part you're interested in is:
The client responds with a ClientKeyExchange message, which may
contain a PreMasterSecret, public key, or nothing. (Again, this
depends on the selected cipher.) This PreMasterSecret is encrypted
using the public key of the server certificate.
This is why the public key is so important. If you use the wrong public key, you're vulnerable to man in middle attacks.
Witness the justified worry whenever bogus SSL certificate issues (e.g. DigiNotar).
The secret key itself isn't transmitted at all, so it can't be sniffed. It is computed independently at both ends. The materials it is computed from is called a PreMasterSecret which is encrypted with the public key of the server certificate. So unless the server's private key has been compromised the secret key can be neither sniffed nor calculated independently.
If one way SSL is used (Server Certificate authentication) then data sent from client gets encrypted using Public key of the server certificate. So privacy protection is available for data sent from client. My questions are
Does this mean that in One way SSL data sent from Server to client is not encrypted and sent as plain text ?
For both server to client and client to server communications the data/message is not signed and so tamper protection or data integrity is not assured. Are there any other means to achieve data integrity while using SSL based transport security and not Message security options ?
One way SSL just means that the server does not validate the identity of the client. It has no effect on any of the other security properties of SSL.
While the SSL protocol is a bit complex, the basic gist of what happens is this: The client generates a random key, encrypts it so that only the server can decrypt it, and sends it to the server. The server and client now have a shared secret that can be used to encrypt and validate the communications in both directions.
The server has no idea of the client's identity, but otherwise, the encryption and message validation is two way.
Update:
1) Yes, encryption both ways is symmetric and uses a shared secret generated during session setup.
2) With a shared secret, message integrity is trivial to assure. You just ensure the message has a particular form. For example, I can prefix every message I send with a sequence number and append a checksum onto it before encryption. You decrypt it with the shared secret and validate the sequence number and checksum. How can an attacker substitute or modify the message without knowing the shared secret and still keep the sequence number and checksum intact?
In SSL, two things happen:
First, a session key is negotiated using something like the
Diffie-Hellman method. That generates a shared session key but never
transmits the key between parties.
Second, that session key is used in a normal symmetric encryption for
the duration of the connection.
SSL does use public/private in one way, because an X509 certificate is
used to identify at least one end of the connection. Those certs are
signed using an asymmetric key pair.
Extracted from How can SSL secure a two-way communication with only one key-pair?