0

Can someone explain the difference between RSA key agreement and DH key agreement as far as the use of the RSA key is concerned. For example, I have an RSA key and have agreed to use TLS_RSA_WITH_AES_256_CBC_SHA for this TLS session. When does the server use the RSA key and when does the client use the key. Who encrypts/decrypts and who signs/verifies. The other scenario would be TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA. I am having difficulty finding out who is using the key and when in these two scenarios. Thank you for help.

user3375401
  • 121
  • 1
  • 2
    Possible duplicate of [TLS-RSA vs TLS-ECDHE-RSA vs static DH](https://security.stackexchange.com/questions/166063/tls-rsa-vs-tls-ecdhe-rsa-vs-static-dh) – ztk Mar 11 '19 at 20:06
  • That question does answer the DH part of my question but not the RSA key exhange part. – user3375401 Mar 11 '19 at 21:24
  • 166063 says "RSA = Client will use server's public key to encrypt the PMS and send over to server, server will decrypt the PMS and generate the same PMS. The secret is sent in the wire" -- how does that not answer your question? – dave_thompson_085 Mar 12 '19 at 04:00

1 Answers1

3

This question is kind of confusing. While the title asks where RSA is used in the handshake the first sentence asks about the difference between RSA and DH key exchange regarding the RSA key. Note that the key exchange is part of the (full) TLS handshake but there is more to the handshake, specifically the authentication. But in short:

  • No RSA key is used within the DH key exchange. See “Diffie-Hellman Key Exchange” in plain English for more.
  • In RSA key exchange the public key is used in the client to encrypt the pre-master secret and the private key is used in the server to decrypt it.
  • Outside the key exchange but inside the TLS handshake the RSA key is used in the given ciphers for authentication. This is done by the server signing some data with the private key, where the data at least partially depend on the client. The client then can validate this signature and thus verify that the other party has access to the private key matching the public key of the certificate.
Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
  • Thank you for the response. I apologize if the question isn't worded correctly. I just want to make sure I understand. If TLS_RSA_WITH_AES_256_CBC_SHA is used then the server will encrypt using its RSA private key and the client will decrypt using the RSA key from the certificate passed over. Does signing/verifying occur? If TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is used then the server will sign the using its private RSA key and the client will verify using the certificate passed over. The RSA key is not used for encrption/decryption. Is that correct? – user3375401 Mar 11 '19 at 22:15
  • @user3375401: In the first case you've mixed up the roles of client and server. The second case might be correct provided that the unknown "the" in your *"... the server will sign __the__ using its private ..."* is the right thing. – Steffen Ullrich Mar 11 '19 at 22:19