Overview
Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)
Usually, TLS uses Public Key certificates [TLS] or Kerberos [KERB] for authentication. This document describes how to use Symmetric Keys (later called pre-shared keys or PSKs), shared in advance among the communicating parties, to establish a TLS connection.
There are basically two reasons why one might want to do this:
- Using pre-shared keys can, depending on the Cipher Suite, avoid the need for Public Key operations. This is useful if TLS is used in performance-constrained environments with limited CPU power.
- Pre-shared keys may be more convenient from a key management point of view. For instance, in closed environments where the connections are mostly configured manually in advance, it may be easier to configure a PSK than to use certificates. Another case is when the parties already have a mechanism for setting up a shared secret key, and that mechanism could be used to "bootstrap" a key for authenticating a TLS connection.