TLS – Overview

The most common encryption online is TLS (formerly SSL). TLS uses either RSA or DHE key exchange:

RSA

[Figure 2: TLS RSA]

1. The server creates an RSA keypair and submits the public encryption key, along with information about the server’s identity, to a Certificate Authority (CA). The CA signs the SHA256 hash of the submitted information and public key, and returns a new certificate to the server. Operating systems, browsers and clients implicitly trust data signed by CAs; the public signing keys of CAs come preinstalled in client-side software and operating systems.

2. The Client and Server exchange random data (client random, server random) during the initial handshake.

3. The server sends the client its CA-signed certificate, which contains the server’s public encryption key. The client authenticates the received data by hashing it with SHA256 and comparing the result with the hash obtained by decrypting the CA’s signature with the CA’s public signing key.

4. The client generates a pre-master secret (PMS) and sends it to the server, encrypted with the server’s public encryption key. The server decrypts the PMS with its private decryption key.

5. The client and server derive the master secret from the PMS, client random and server random, and use the master secret to generate two AES keys.

6. Client and server use the two AES keys to exchange encrypted messages.

HSA is unable to decrypt messages passively, because the PMS from which the AES keys are generated can only be decrypted with the server’s private key. Since encryption only happens between Alice and the server, and between Bob and the server, the server can observe, store and edit messages in transit.

DHE

[Figure 3: TLS DHE]

1. The server creates an RSA keypair and submits the public signing key, along with information about the server’s identity, to a Certificate Authority (CA). The CA signs the SHA256 hash of the submitted information and public key, and returns a new certificate to the server.

2. The client and server exchange random data (client random, server random) during the initial handshake.

3. The server sends the client its certificate along with its public signature verification key. The client authenticates the received certificate and public key using the public signing key of the CA.

4. The server generates a primitive root g, a prime p and a private DH value s, and calculates the DH public value g^s mod p.

5. The server sends the client g, p, g^s mod p, client random and server random, along with the SHA256 hash of these values. The hash is signed using the private key of the server.

6. The client authenticates g, p and g^s mod p using the server’s public signing key received in step 3.

7. The client generates a private DH value a and, using it together with g and p, calculates the DH public value g^a mod p.

8. The client derives the shared secret (PMS) by calculating (g^s mod p)^a mod p.

9. The server derives the shared secret (PMS) by calculating (g^a mod p)^s mod p.

10. The client and server derive the master secret from the PMS, client random and server random, and use the master secret to generate two AES keys.

11. Client and server use the two AES keys to exchange encrypted messages.

HSA is unable to decrypt messages passively, as the PMS is derived from the public DH values using the private DH values; private DH values are never transmitted over the wire, and they are hard to calculate from the public values. Alas, the encryption again only happens between Alice and the server, and between Bob and the server: the server can observe, store and edit messages in transit.
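The DH exchange of steps 4 and 7-9, together with the master-secret and key derivation that the RSA flow (step 5 there) and the DHE flow (step 10 here) share, as an added Python example that is not part of the original post. It assumes a constructed 128-bit safe-prime group (real TLS servers use standardised groups of 2048 bits or more), leaves out the RSA signature over the parameters from steps 5-6, and lays the key block out as an AEAD suite does (no MAC keys), so that the derivation yields exactly the two AES keys the text mentions; the PRF and its labels follow RFC 5246.

```python
# Added example (not code from the original post): a toy TLS 1.2 DHE key agreement
# built from the Python standard library only. Assumptions: a constructed 128-bit
# safe-prime group (real TLS uses standardised groups of 2048 bits or more), the
# RSA signature over the parameters (steps 5-6) is omitted, and the key block uses
# the AEAD layout (no MAC keys) so that it yields exactly the two AES keys of step 10.
import hashlib
import hmac
import random
import secrets

SMALL_PRIMES = (3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)


def is_probable_prime(n, rounds=16):
    """Miller-Rabin test; a composite n passes with probability at most 4**-rounds."""
    if n in (2, 3):
        return True
    if n < 2 or n % 2 == 0:
        return False
    for q in SMALL_PRIMES:
        if n % q == 0:
            return n == q
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_safe_prime(bits, seed):
    """Search from a fixed seed for a safe prime p = 2q + 1 (toy sizes only)."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1


def dh_keypair(p, g):
    """Private exponent x in [2, p-2] and public value g^x mod p (steps 4 and 7)."""
    x = secrets.randbelow(p - 3) + 2
    return x, pow(g, x, p)


def tls12_prf(secret, label, seed, length):
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed), RFC 5246 section 5."""
    seed = label + seed
    out, a = b"", seed                                         # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()       # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def derive_keys(shared, client_random, server_random):
    """Step 10: PMS -> master secret -> (client write key, server write key)."""
    # RFC 5246 8.1.2: the DHE pre-master secret is the shared value as a
    # big-endian integer with leading zero bytes stripped.
    pms = shared.to_bytes((shared.bit_length() + 7) // 8, "big")
    master = tls12_prf(pms, b"master secret", client_random + server_random, 48)
    # Key expansion is seeded with server_random first. For an AEAD suite such as
    # AES_128_GCM there are no MAC keys, so the block starts with the two AES keys.
    key_block = tls12_prf(master, b"key expansion", server_random + client_random, 32)
    return key_block[:16], key_block[16:32]


def handshake(bits=128):
    """Run steps 4 and 7-10 for both sides; return their keys and what the wire shows."""
    p, g = generate_safe_prime(bits, seed=2024), 2
    client_random, server_random = secrets.token_bytes(32), secrets.token_bytes(32)
    s, server_pub = dh_keypair(p, g)             # step 4, s stays on the server
    a, client_pub = dh_keypair(p, g)             # step 7, a stays on the client
    client_pms = pow(server_pub, a, p)           # step 8: (g^s mod p)^a mod p
    server_pms = pow(client_pub, s, p)           # step 9: (g^a mod p)^s mod p
    return {
        "client_keys": derive_keys(client_pms, client_random, server_random),
        "server_keys": derive_keys(server_pms, client_random, server_random),
        # Everything a passive observer captures; neither s nor a is ever sent.
        "wire": {"p": p, "g": g, "g^s": server_pub, "g^a": client_pub,
                 "client_random": client_random, "server_random": server_random},
    }


if __name__ == "__main__":
    result = handshake()
    print("both sides agree:", result["client_keys"] == result["server_keys"])
    print("client write key:", result["client_keys"][0].hex())
    print("server write key:", result["client_keys"][1].hex())
```

Nothing in the returned `wire` dictionary is enough to recompute either side's PMS without solving a discrete logarithm, which is the assumption the paragraph above rests on; it only holds for groups far larger than this toy one, so the group size is the parameter a defender has to get right. The same `derive_keys` step applies to the RSA flow, with the client-chosen PMS in place of the DH shared value.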

Secure messaging should never rely on servers handling unencrypted data securely; there is no trustworthy man-in-the-middle. Users are left to rely on blind faith that the gratis service isn’t funded by selling private user data.
