Overview
Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)

Usually, TLS uses Public Key certificates [TLS] or Kerberos [KERB] for authentication. This document describes how to use Symmetric Keys (later called pre-shared keys or PSKs), shared in advance among the communicating parties, to establish a TLS connection.
There are basically two reasons why one might want to do this:
- using pre-shared keys can, depending on the Cipher Suite, avoid the need for Public Key operations. This is useful if TLS is used in performance-constrained environments with limited CPU power.
- pre-shared keys may be more convenient from a key management point of view. For instance, in closed environments where the connections are mostly configured manually in advance, it may be easier to configure a PSK than to use certificates. Another case is when the parties already have a mechanism for setting up a shared secret key, and that mechanism could be used to "bootstrap" a key for authenticating a TLS connection.