Re: SSL handshake and client certificate

From: Pieter Philippaerts (Pieter_at_nospam.mentalis.org)
Date: 01/16/04


Date: Fri, 16 Jan 2004 18:47:55 +0100


"Tester" <test> wrote in message
> Could someone tell me if private key of the client certificate is involved
> during the SSL handshake with a server? Server asks for renegotiation with
> client authentication over already established SSL connection, will private
> key of the client certificate be used to derive new session key during
> rehandshake?

It will not be used to derive a session key, but the client must sign a hash
of all the handshake messages with it [so that the server can verify that
the client really has access to the private key]. So yes, the private key of
the client certificate will be used during the negotiation.

Regards,
Pieter Philippaerts
SSL/TLS for .NET: http://mentalis.org/go.php?sl
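
The point made in the reply above, as an added example that is not part of the original post or of the Mentalis library: the client's private key signs a hash of the handshake messages, while session-key derivation takes no input from that key. The toy RSA key, the message placeholders, SHA-256, unpadded RSA and the HMAC stand-in for the TLS PRF are all simplifying assumptions, not real TLS encodings.

```python
import hashlib
import hmac

# Constructed toy RSA key built from two Mersenne primes. NOT secure; demo only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # client's private exponent (Python 3.8+)

def transcript_hash(handshake_messages):
    """Hash every handshake message exchanged so far, in order."""
    h = hashlib.sha256()
    for msg in handshake_messages:
        h.update(len(msg).to_bytes(3, "big") + msg)
    return h.digest()

def client_sign(handshake_messages, d=D, n=N):
    """CertificateVerify: the client signs the transcript hash with its private key."""
    m = int.from_bytes(transcript_hash(handshake_messages), "big")
    return pow(m, d, n)  # textbook RSA without padding (simplification)

def server_verify(handshake_messages, signature, e=E, n=N):
    """The server checks the signature with the public key from the client certificate."""
    m = int.from_bytes(transcript_hash(handshake_messages), "big")
    return pow(signature, e, n) == m

def derive_session_key(premaster, client_random, server_random):
    """Stand-in for the TLS PRF: only the premaster secret and both randoms go in."""
    seed = b"master secret" + client_random + server_random
    return hmac.new(premaster, seed, hashlib.sha256).digest()

# Constructed handshake messages (placeholders, not real TLS encodings).
HANDSHAKE = [b"ClientHello", b"ServerHello", b"Certificate(server)",
             b"CertificateRequest", b"ServerHelloDone",
             b"Certificate(client)", b"ClientKeyExchange"]

def demo():
    sig = client_sign(HANDSHAKE)
    ok = server_verify(HANDSHAKE, sig)
    # A signature over one transcript must not verify against an altered one.
    tampered = HANDSHAKE[:3] + [b"CertificateRequest(altered)"] + HANDSHAKE[4:]
    altered_ok = server_verify(tampered, sig)
    # A signature made with a different private exponent must be rejected.
    wrong_key_ok = server_verify(HANDSHAKE, client_sign(HANDSHAKE, d=D + 2))
    return ok, altered_ok, wrong_key_ok

if __name__ == "__main__":
    print(demo())
```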


