Score:1

What does "ECDHE_RSA" mean?


Hey, I do have a question about cryptography: I know that elliptic curve is a cryptography algorithm and Diffie–Hellman is a mechanism which provides two parties who wish to encrypt some data with an identical key (symmetric key), and that the elliptic curve algorithm is used in conjunction with DH to provide authentication. I almost forgot to mention that I know that "ephemeral" in this context means that every session will have a different key so we can achieve "perfect forward secrecy".

My question is: what's the purpose of "rsa" there?

Manish Adhikari
To correct you, an elliptic curve is not a cryptography algorithm; it is a curve of the form $y^2=x^3+Ax+B$. We can define a group consisting of points on the curve with coordinates taken from a finite field, with the operation being what is called point addition, which is useful in cryptography. In this case it allows performing Diffie-Hellman on that group with a much shorter key size than ordinary Diffie-Hellman for equivalent security; it is not used in conjunction with DH to provide authentication, at least not in your case. RSA is there to authenticate the key exchange using signatures here.
Score:7

In a TLS cipher suite the ECDHE is for key exchange and the RSA is for server certificate authentication.

Microsoft has a good explanation of cipher suite naming here.

Score:4

> I know that Ecliptic curve is cryptography algorithm

An elliptic curve (I presume ecliptic curve is a misspelling of elliptic curve) is a mathematical structure that can be used in a number of different algorithms.

> Diffie–Hellman is mechanism which is provide the two parties who wish to encrypt some data with a identical key (symmetric key)

Yes

> ecliptic curve algorithm is used in conjunction with DH to provide authentication.

An elliptic curve based digital signature algorithm can be used for authentication, but that is not what the "EC" in "ECDH" refers to.

Traditionally Diffie-Hellman uses the integers modulo a large prime under multiplication as its "group", but the prime has to be very large to get adequate security. By using an elliptic curve based group instead, adequate security can be achieved with much smaller values.

> I almost forgot to mention that i know that "ephemeral" in this context means that every session will have a different key so we can achieve "perfect forward secrecy"

It's not just about having a different key for each session, it's about ensuring that the session key remains secret even if long term secrets of the client or server are later compromised.

To achieve that, neither of the Diffie-Hellman private keys can be long-term keys. Therefore their corresponding public keys cannot be long-term keys either.

So to authenticate the key exchange while maintaining forward secrecy, a mechanism is required to authenticate the ephemeral DH private key of the server. TLS achieves this through the use of a digital signature from a long-term public key.

As has been pointed out in a comment, an alternate mechanism for authentication is to perform two DH exchanges, one ephemeral and one with long-term keys, then combine the results of both exchanges to establish the shared secret.

> My question is what's the purpose of "rsa" there

RSA is used for authentication.

ECDSA can be used instead, but that requires a different certificate, so it's taken a while to gain popularity.

R.. GitHub STOP HELPING ICE
"To achieve that the Diffie-Hellman private keys cannot be long-term keys. Therefore their corresponding public keys cannot be long term keys either." <-- to be complete, it's perfectly possible to do ephemeral-key [EC]DH without supplementing it with a signing algorithm and signing key. You just do the [EC]DH handshake using both the established keys *and* the ephemeral keys. This is how WireGuard and (I believe) Signal work.
ph flag
Do you mean do two separate DH exchanges and then combine the results somehow? Or is there some clever trick to use two sets of keys simultaneously in the DH exchange?
R.. GitHub STOP HELPING ICE
The approaches I know just do two different DH group operations and combine the results with a chain of hashes. If the other party did not have the right private key for the fixed-key part, they won't compute a matching shared secret. Note that this does not require any additional communications round trips. See the description in the [WireGuard protocol](https://www.wireguard.com/protocol/) or the Noise protocol framework paper.
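
The split the answers above describe (ECDHE for key agreement, RSA for authenticating the server's ephemeral key), as an added Go example that is not part of the original thread. `ServerSign`, `ClientSecret` and `Demo` are hypothetical names, and P-256 with PKCS#1 v1.5/SHA-256 is an assumed choice; the real TLS 1.2 ServerKeyExchange signs a longer structure that also carries the curve parameters.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// ServerSign signs the handshake nonces plus the server's fresh ECDH public key
// (the "ECDHE" part) with the certificate's long-term RSA key (the "RSA" part).
func ServerSign(rsaKey *rsa.PrivateKey, eph *ecdh.PrivateKey, nonces []byte) ([]byte, error) {
	h := sha256.Sum256(bytes.Join([][]byte{nonces, eph.PublicKey().Bytes()}, nil))
	return rsa.SignPKCS1v15(rand.Reader, rsaKey, crypto.SHA256, h[:])
}

// ClientSecret runs ECDH only after the signature over the received key
// verifies under the RSA public key taken from the server certificate.
func ClientSecret(cert *rsa.PublicKey, eph *ecdh.PrivateKey, nonces []byte, srvPub *ecdh.PublicKey, sig []byte) ([]byte, error) {
	h := sha256.Sum256(bytes.Join([][]byte{nonces, srvPub.Bytes()}, nil))
	if err := rsa.VerifyPKCS1v15(cert, crypto.SHA256, h[:], sig); err != nil {
		return nil, fmt.Errorf("server ephemeral key not authenticated: %w", err)
	}
	return eph.ECDH(srvPub)
}

// Demo runs one handshake with constructed keys (generation errors ignored);
// with mitm set, the server's ECDH key is swapped in transit but cannot be re-signed.
func Demo(mitm bool) (clientSecret, serverSecret []byte, err error) {
	rsaKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	srvEph, _ := ecdh.P256().GenerateKey(rand.Reader)
	cliEph, _ := ecdh.P256().GenerateKey(rand.Reader)
	nonces := []byte("constructed client_random||server_random")
	sig, _ := ServerSign(rsaKey, srvEph, nonces)
	onWire := srvEph.PublicKey()
	if mitm {
		attacker, _ := ecdh.P256().GenerateKey(rand.Reader)
		onWire = attacker.PublicKey()
	}
	clientSecret, err = ClientSecret(&rsaKey.PublicKey, cliEph, nonces, onWire, sig)
	serverSecret, _ = srvEph.ECDH(cliEph.PublicKey())
	return
}

func main() {
	fmt.Println(Demo(true))
}
```

The RSA key never touches the shared secret, so a later leak of that key does not reveal past session secrets; it only decides whether the client accepts the ephemeral key it was handed.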