Overview#

The Premaster Secret is a value is:

• generated by the user-agent
• Encrypted by the user-agent (referred to as the EncryptedPreMasterSecret in some of the RFCs)
• Communicated to the server in the ClientKeyExchange
• used by the user-agent and the server to Derive the Master Secret.

Before the ClientKeyExchange, anyone listening in on the traffic can know this all of this as well (as evidenced because we looked using Wireshark captures).

Now we need to create a random secret key that an eavesdropper/attacker can not figure out.

The user-agent generates the 48-byte Premaster Secret by concatenating the protocol version which must match the value sent previously in the ClientHello message and 46 bytes that the user-agent generates randomly (46 bytes). The user-agent is supposed to get these 46 bytes from a cryptographically secure Pseudorandom number generator.

The 46 byte Premaster Secret random value that’s generated is not used directly, but it’s very important to keep it secret since a lot of things are derived from it.

The length of the entire Premaster Secret will vary depending on key exchange method.

More Information#

There might be more information for this subject on one of the following:

• ClientKeyExchange
• Derive the Master Secret
• EncryptedPreMasterSecret
• How SSL-TLS Works
• KeyEncipherment
• Master Secret
• RSA key-exchange
• ServerKeyExchange