creating Master-Key for encryption/decryption

Mon, 22 Aug 2011 08:26:25 -0700 

I have more than 100 clients that will connect to my server and communicate
the data. I am implementing SSL on server side to authenticate the client
certificate(X.509) and also client will authenticate the servers
certificate. Once the mutual authentication has completed I have to generate
master key for encryption and decryption.  I am going to use AES for
encryption and decryption.

 I had generated the client and server certificates using the bellow
commands and signed by the root,

1. CLIENT CERTIFICATE:

openssl req -newkey rsa:1024 -sha1 -keyout clientkey.pem -out clientreq.pem

openssl x509 -req -in clientreq.pem -sha1 -extfile openssl.cnf  -extensions
usr_cert -CA rootcert.pem  -CAkey rootkey.pem -CAcreateserial   -out
clientcert.pem

cat clientkey.pem  clientcert.pem rootcert.pem > client.pem

openssl x509  -subject -issuer -noout -in client.pem

2. SERVER CERTIFICATE:

openssl req -newkey rsa:1024 -sha1 -keyout serverkey.pem -out serverreq.pem

openssl x509 -req -in serverreq.pem -sha1 -extfile openssl.cnf  -extensions
usr_

cert -CA rootcert.pem  -CAkey rootkey.pem -CAcreateserial   -out
servercert.pem

cat serverkey.pem  servercert.pem rootcert.pem > server.pem

openssl x509  -subject -issuer -noout -in server.pem

3. ROOT CERTIFICATE:

openssl req -newkey rsa:1024 -sha1 -keyout rootkey.pem -out rootreq.pem

openssl x509 -req -in rootreq.pem -sha1 -extfile root.cnf -extensions v3_ca
-sig

nkey rootkey.pem -out rootcert.pem

cat rootcert.pem rootkey.pem  > root.pem

openssl x509  -subject -issuer -noout -in root.pem



Initially I  am writing ssl/tls programming for server and client. In this I
am able to communicate the data between client and server.

I was struck on master key generation, I have added the below LOC to
programs to get MASTER KEY,

printf("session A\n");

SSL_SESSION *session = SSL_get_session(ssl);

SSL_SESSION_print(out, session);

It is printing like this ,

 session A

SSL-Session:

    Protocol  : TLSv1

    Cipher    : AES256-SHA

    Session-ID:
9FCE46513DD74882D3FF0E0E84CC4A6BE12192B65C426E0B27D0FA15F81D7D5E

    Session-ID-ctx:

    Master-Key:
56F90B0D90DEB3430207A74793C9B6565744E06ECA191D9DFA04C29B1EE2B782

6B602878597465F739AD69091DDF6499

    Key-Arg   : None

    Krb5 Principal: None

   Compression: 1 (zlib compression)

    Start Time: 1314015355

    Timeout   : 7200 (sec)

Is this the Master key for both the server and client?

Is this the key that should be used for the encryption in client side and
decryption in server side?

If this is the Master key how can I extract the key?

Please guide me if I understood anything wrong.

Reply via email to