Overview

The RSA key-exchange method of Key-Exchange consists of three messages.
First, the ServerKeyExchange: the server sends the client an RSA Public Key, K_T, for which the server holds the Private Key. This may be a transient key generated solely for this connection, or it may be re-used for several connections.
Second, the ClientKeyExchange: the client generates a string of random bytes, K, encrypts it using K_T, and sends the result back to the server, which decrypts it.
Then the client and server each hash K, K_T, and the various Key-Exchange parameters to generate the exchange hash, H, which is used to generate the encryption keys for the session. The server signs H with its host key and sends the Digital Signature to the client.
The client then verifies the host key.

Authentication with RSA key-exchange

With static RSA key-exchanges, the connection is authenticated by encrypting the premaster Secret with the server certificate’s Public Key. Only the server in possession of the Private Key can decrypt, correctly derive the Master Secret, and send an encrypted Finished message with the right MAC.
The simplicity of static RSA key-exchange has a serious drawback: it does not offer Perfect Forward Secrecy. If an observing adversary records all traffic to a server, then every recorded TLS session can be broken later by obtaining the certificate’s Private Key.
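
The following toy model is an added example, not code from the original page. It shows how much is exposed when one static RSA key is re-used for several connections, so that the cost of a later Private Key disclosure can be measured per recorded session. The key size, the clear-text nonces, the SHA-256 stand-in for the key derivation, and every function name are assumptions; unpadded textbook RSA is used only to keep the sketch within the standard library.

```python
import hashlib
import secrets

# Constructed toy key from two Mersenne primes; far too small for real use.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537                      # public key, the page's K_T
D = pow(E, -1, (P - 1) * (Q - 1))        # server's long-term private exponent

def session_key(premaster: int, client_nonce: bytes, server_nonce: bytes) -> bytes:
    """Stand-in key derivation (SHA-256), not the real TLS PRF."""
    material = premaster.to_bytes(32, "big") + client_nonce + server_nonce
    return hashlib.sha256(material).digest()

def handshake():
    """Run one static-RSA exchange.

    Returns (transcript, key): the transcript holds only values visible on
    the wire; the key is what client and server both derive.
    """
    client_nonce = secrets.token_bytes(16)
    server_nonce = secrets.token_bytes(16)
    premaster = secrets.randbits(200)             # client's secret K, below N
    encrypted = pow(premaster, E, N)              # sent in ClientKeyExchange
    client_key = session_key(premaster, client_nonce, server_nonce)
    # Server side: decrypt with D and derive the same key.
    server_key = session_key(pow(encrypted, D, N), client_nonce, server_nonce)
    if client_key != server_key:
        raise RuntimeError("handshake failed")
    transcript = {"client_nonce": client_nonce,
                  "server_nonce": server_nonce,
                  "encrypted_premaster": encrypted}
    return transcript, client_key

def key_from_transcript(transcript: dict, private_exponent: int) -> bytes:
    """Key derivable from a recorded transcript by whoever holds the exponent."""
    premaster = pow(transcript["encrypted_premaster"], private_exponent, N)
    return session_key(premaster, transcript["client_nonce"],
                       transcript["server_nonce"])

def sessions_exposed_by_disclosure(n_sessions: int = 3) -> int:
    """Count recorded sessions whose key follows from a later disclosure of D."""
    recorded = [handshake() for _ in range(n_sessions)]
    return sum(key_from_transcript(t, D) == k for t, k in recorded)

if __name__ == "__main__":
    total = 5
    print(sessions_exposed_by_disclosure(total), "of", total, "sessions exposed")
```

Every session negotiated under the re-used key is counted as exposed, which is why rotating or retiring the key afterwards does not protect traffic that was already recorded.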