Master key and Pairwise Master Key

Alan DeKok aland at
Thu Jul 15 10:22:52 CEST 2010

Khan Ferdous Wahid wrote:
> I want to know about the Master key (MK) encapsulation and Pairwise
> Master key (PMK) generation during EAP-TLS or EAP-TTLS methods.

  The best source of information is the RFCs which define this.

> When the
> supplicant is authenticated, the server generates a MK and sends it in
> encrypted format to the supplicant.


> How this MK (I think it is a random
> number) is encrypted? Which algorithm is used and which parameters are
> included (input) to disguise the MK?

  The master key is not sent anywhere.

> Then how the PMK is generated
> independently inside server and supplicant?

  It is derived from the SSL session parameters.

> What algorithm and
> parameters are used to pass the PMK to authenticator (Access point)?
> Please tell me clearly because I am a newbie. Which source codes include
> these operations, where should I look?

  See the RFCs.  They define all of this.

  i.e. this list isn't the place to learn about how the protocols work.
 The protocols are defined extensively in standards documents.  You
should consult those documents, or other "EAP howtos" to see how it works.

  Alan DeKok.

More information about the Freeradius-Devel mailing list