Re: Key establishment question

Jack wrote:
In Internet, when two computers need to establish a secret key, the two
machines need to exchange two random numbers, e.g., R1, R2, if
Diffie-Hellman is used. How are the two random numbers exchanged? Are
the two numbers sent as TCP/IP packets? How is Diffie-Hellman
implemented in Internet? Thanks a lot.

Jack


Generally by means of a public-key algorithm. I encrypt the number
with your public key, and only a person who holds the corresponding
private key (presumably, only you) can decrypt it. Actually, I also
encrypt it with my private key. The fact that my public key decrypts
it proves that only I could have encrypted it.


Chris Mattern
.

Relevant Pages

  • How does this work?
    ... prevent man-in-middle attack to Diffie_hellman exchange by "Encrypt ... the Diffie_Hellman value with the other side's public key". ...
    (sci.crypt)
  • Re: Encryption
    ... You don't use Exchange to encrypt, you use an email client to encrypt. ... public key of the sender. ... creae your own trusted certificates is usually pretty expensive. ...
    (microsoft.public.exchange.admin)
  • Re: Key establishment question
    ... machines need to exchange two random numbers, e.g., R1, R2, if ... Diffie-Hellman is used. ... encrypt it with my private key. ... The fact that my public key decrypts ...
    (comp.security.misc)
  • Re: RSA Key Exchange
    ... Server B, so it initiates a request saying "Hey... ... At this point is where we can do key exchange, how we want to do it is up to ... So client A says "Hey, here's my public key, encrypt all packets coming out ... Now each one has a public key, so secured communications continue. ...
    (microsoft.public.dotnet.languages.vb)
  • Re: New Method for Authenticated Public Key Exchange without Digital Certificates
    ... so i ask to exchange keys with somebody ... ... while such a extended man-in-the-middle attack isn't impossible ... things that are the public key exchange ... ... so an ongoing man-in-the-middle substitution attack on typical PGP ...
    (sci.crypt)