Hi, I want to know about the Master key (MK) encapsulation and Pairwise Master key (PMK) generation during EAP-TLS or EAP-TTLS methods. When the supplicant is authenticated, the server generates a MK and sends it in encrypted format to the supplicant. How this MK (I think it is a random number) is encrypted? Which algorithm is used and which parameters are included (input) to disguise the MK? Then how the PMK is generated independently inside server and supplicant? What algorithm and parameters are used to pass the PMK to authenticator (Access point)? Please tell me clearly because I am a newbie. Which source codes include these operations, where should I look? Thank you. /Khan
Khan Ferdous Wahid wrote:
I want to know about the Master key (MK) encapsulation and Pairwise Master key (PMK) generation during EAP-TLS or EAP-TTLS methods.
The best source of information is the RFCs which define this.
When the supplicant is authenticated, the server generates a MK and sends it in encrypted format to the supplicant.
No.
How this MK (I think it is a random number) is encrypted? Which algorithm is used and which parameters are included (input) to disguise the MK?
The master key is not sent anywhere.
Then how the PMK is generated independently inside server and supplicant?
It is derived from the SSL session parameters.
What algorithm and parameters are used to pass the PMK to authenticator (Access point)? Please tell me clearly because I am a newbie. Which source codes include these operations, where should I look?
See the RFCs. They define all of this. i.e. this list isn't the place to learn about how the protocols work. The protocols are defined extensively in standards documents. You should consult those documents, or other "EAP howtos" to see how it works. Alan DeKok.
participants (2)
-
Alan DeKok -
Khan Ferdous Wahid