Hi,
Thanks for your explanation
1. In apache server, Where i specify which message digest algorithm is used
(MD5/SHA)
H = HMAC(packet_proto+ssl_version+data_len+M, server_write_mac)
W = ENCRYPT(M+H+pad, server_write_key)
2. Is Message digest process to be done after encryption() ? if no, which step
the message digest process to be process ?
3.
Yes, but precisely speaking there are negotiated two algorithms
one for encrypt/decrypt SSL packets (DES/AES/...) and onesfor
ensuring SSL packet integrity (MD5/SHA1/...).
SSL Packet Integrity algorithm is required before cipher negotiation process
right ? , then only the master secret key / negotiation transaction are
properly integrity (with MD5/SHA).if so...When the ssl client will know which
message algorithm the ssl server is used?
4. I basic setup ssl apache server and browser.and I can properly communicated.
How to I know which message digest algorithm i used for ssl server. and i want
to know how to specify the MAC=SHA1 to be use for Message Digest process.
5. For example , while doing cipher negotiation between server and the browser, both are agreed to use ADH-AES256-SH cipher for encrypt/ decrypt. so it Indirectly MAC also negotiated right ? Please correct me if it is wrong...
openssl ciphers -v ADH-AES256-SHA
ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1
Thanks & Regards,
Senthilkumar.
Marek Marcola wrote:
Hello,
1. In symmetric cryptography process, server and browser both are
negotiate to chooses cipher algorithms for encrypt/decrypt data right ?
Yes, but precisely speaking there are negotiated two algorithms
one for encrypt/decrypt SSL packets (DES/AES/...) and one for
ensuring SSL packet integrity (MD5/SHA1/...).
2. Cipher algorithms is not used for secret key generation operation right?
Right. For secret key generation (key_material) in TLS1 PRF() function
is used (Pseudo Random Function), in SSL3 there is special algorithm
for that. In both cases this algorithms mainly use message digest
functions (MD5/SHA1) and xoring.
3. Basic operation of cipher algorithms is
Cipher Algorithm ( DATA , secret key ) =====> Encrypted Data
Is it right?
Yes.
4. Is Message digest algorithms is helpful for symmetric cryptography
process. If yes ,where i configure in apache / what way is it used?
5. Where and when the Message digest algorithms is used.
SSL layer user message digest for integrity checking.
For example, if TLS1 client layer wants to send some data (say M)
to server first HMAC signature is calculated:
H = HMAC(packet_proto+ssl_version+data_len+M, server_write_mac)
this signature H is then appended to data M, padded and encrypted:
W = ENCRYPT(M+H+pad, server_write_key)
Data W is send to server, and on server side, this data is decrypted,
message digest H is checked (calculated) and packet is
accepted or rejected.
Use:
$ openssl ciphers -v
to display SSL/TLS cipher suites.
Best regards,
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
