Explain Key Block and master secret with padding and encryption in SSL/TLS?

Submitted by 倖福魔咒の on 2019-12-12 01:27:54

Question


How to see the encrypted key in Wireshark during the SSL key exchange?

Referring to this answer for this question:

Could you explain why the encrypted Pre-master is 128 bits, and how an RSA public key of 2048 bits encrypts 48 bits of data to 128 bits, because the client and server confirm and use the symmetric encryption only after the Change_Cipher_Spec record.

The key expanded to 136 bits: is it the Master Secret padded, and where is this used in encryption?

Can you explain the use/generation of "key-block" in SSL/TLS?

Why do we have client_write_key and server_write_key if we are using symmetric encryption? Wouldn't a single key be used for both encryption and decryption?

And having two different MAC keys, would they produce the same result for a message sent to be authenticated if they are securely with client and server and not exchanged?


Answer 1:


Could you explain why the encrypted Pre-master is 128 bits, and how an RSA public key of 2048 bits encrypts 48 bits of data to 128 bits

It doesn't. The pre-master secret is 48 bytes, and its encryption is 128 bytes, including padding, and the public key length of 2048 bits has nothing to do with that.

because the client and server confirm and use the symmetric encryption only after the Change_Cipher_Spec record.

Correct. So?

The key expanded to 136 bits: is it the Master Secret padded, and where is this used in encryption?

The key expansion is 136 bytes; it is not the Master Secret; and it is used to generate the symmetric session key and the IVs.

Can you explain the use/generation of "key-block" in SSL/TLS?

Never heard of it. The term 'key-block' does not appear in RFC 2246.

Why do we have client_write_key and server_write_key if we are using symmetric encryption? Wouldn't a single key be used for both encryption and decryption?

Apparently a different key is used in each direction.

And having two different MAC keys, would they produce the same result for a message sent to be authenticated if they are securely with client and server and not exchanged?

Please define 'securely with client and server'.

To answer all these questions you should see RFC 2246 #6.3 Key calculation. It's pretty pointless for anyone to paraphrase it all for you here. I don't intend to attempt it.
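The RFC 2246 section 6.3 key calculation the answer points to, worked through in Python as an added example (not code from the question, the answer or any TLS library): the TLS 1.0/1.1 PRF built from P_MD5 and P_SHA1, the 48-byte master secret, and the expansion RFC 2246 itself calls key_block, partitioned into the two MAC secrets, two write keys and two IVs. The pre-master secret and both randoms are constructed test values; with SHA-1 MACs, AES-256 keys and 16-byte IVs the block comes out at exactly 136 bytes.

```python
import hmac


def p_hash(hash_name: str, secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash (RFC 2246 section 5): A(0) = seed, A(i) = HMAC(secret, A(i-1))."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.0/1.1 PRF: P_MD5 over the first half of the secret XOR P_SHA1 over
    the second half; for odd lengths the two halves share the middle byte."""
    half = (len(secret) + 1) // 2
    md5_part = p_hash("md5", secret[:half], label + seed, length)
    sha_part = p_hash("sha1", secret[-half:], label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """RFC 2246 section 8.1: the master secret is always 48 bytes."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)


def key_block(master: bytes, client_random: bytes, server_random: bytes,
              mac_len: int, key_len: int, iv_len: int) -> dict:
    """RFC 2246 section 6.3: expand (server_random first!) and partition.
    SHA-1 MACs, AES-256 keys and 16-byte IVs give 2*(20+32+16) = 136 bytes."""
    total = 2 * (mac_len + key_len + iv_len)
    block = prf(master, b"key expansion", server_random + client_random, total)
    layout = [("client_write_MAC_secret", mac_len), ("server_write_MAC_secret", mac_len),
              ("client_write_key", key_len), ("server_write_key", key_len),
              ("client_write_IV", iv_len), ("server_write_IV", iv_len)]
    parts, pos = {"key_block": block}, 0
    for name, size in layout:  # consecutive slices, each direction gets its own material
        parts[name] = block[pos:pos + size]
        pos += size
    return parts


# Constructed test values, not taken from any real handshake.
PRE_MASTER = bytes([3, 1]) + bytes(range(46))  # 48 bytes: client_version + 46 "random"
CLIENT_RANDOM = bytes([0x11] * 32)
SERVER_RANDOM = bytes([0x22] * 32)

if __name__ == "__main__":
    ms = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    kb = key_block(ms, CLIENT_RANDOM, SERVER_RANDOM, mac_len=20, key_len=32, iv_len=16)
    print(len(ms), len(kb["key_block"]), kb["client_write_key"].hex())
```

The same master secret expands to 104 bytes for AES_128_CBC_SHA, so the key-block length is a property of the negotiated cipher suite, not of the master secret or any padding.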



Source: https://stackoverflow.com/questions/29551100/explain-key-block-and-master-secret-with-padding-and-encrytion-in-ssl-tls
