Master key and Pairwise Master Key encryption

Michael Lecuyer mjl at
Thu Jul 15 17:45:55 CEST 2010

I'm not sure it would help you to know how the Master Keys are generated 
or encoded - it's not simple.

It's a process involving the accumulated TLS handshake messages, random 
number generation, various sorts of key exchanges, cryptographic hashes, 
and the PRF function described in the TLS RFCs. Not really casual reading.

TTLS and TLS use different TLS PRF (Pseudo-Random Function) labels to 
generate the key material. The MPPE RFC 3079 describes the generation of 
the master MPPE keys from the PRF and how the supplicant should use 
them. Some of us find this casual reading :)

Encoding attribute data is done using a salt encoding described in RFC 
2548 with a Microsoft modification described in some MPPE RFC.

The 'code' is scattered throughout the FR rlm source (those dealing with 
TLS and the many mschap's) and in the separate OpenSSL source dealing 
with SSL/TLS.

However, in FR, it just automagically works.

Khan Ferdous Wahid wrote:
> Hi,
> I want to know about the Master key (MK) encapsulation and Pairwise 
> Master key (PMK) generation during EAP-TLS or EAP-TTLS methods. When the 
> supplicant is authenticated, the server generates a MK and sends it in 
> encrypted format to the supplicant. How is this MK (I think it is a random 
> number) encrypted? Which algorithm is used and which parameters are 
> included (input) to disguise the MK? Then how is the PMK generated 
> independently inside the server and supplicant? What algorithm and 
> parameters are used to cryptically pass the PMK to the authenticator (Access 
> point)? Please tell me clearly because I am a newbie. Which source code 
> includes these operations, and where should I look?
> Thank you.
> /Khan

More information about the Freeradius-Users mailing list
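
Added example, not part of the original post and not FreeRADIUS or OpenSSL code: the two steps the reply names, in Python. It derives the 64 bytes of keying material with the TLS PRF under the EAP-TLS (RFC 5216) and EAP-TTLS (RFC 5281) labels, then salt-encrypts the first 32 bytes (the PMK) as RFC 2548 section 2.4.2 describes for MS-MPPE-Send-Key and MS-MPPE-Recv-Key. Assumptions: the TLS 1.0/1.1 PRF (TLS 1.2 and later derive keys differently), and function names and sample values constructed for illustration.

```python
import hashlib, hmac

def p_hash(alg, secret, seed, n):
    # RFC 2246 section 5: A(i) = HMAC(secret, A(i-1)); output HMAC(secret, A(i) + seed)
    out, a = b"", seed
    while len(out) < n:
        a = hmac.new(secret, a, alg).digest()
        out += hmac.new(secret, a + seed, alg).digest()
    return out[:n]

def tls10_prf(secret, label, seed, n):
    # TLS 1.0/1.1 PRF: P_MD5 keyed with the first half XOR P_SHA1 keyed with the second
    half = (len(secret) + 1) // 2
    md5 = p_hash("md5", secret[:half], label + seed, n)
    sha = p_hash("sha1", secret[len(secret) - half:], label + seed, n)
    return bytes(x ^ y for x, y in zip(md5, sha))

EAP_TLS_LABEL = b"client EAP encryption"   # RFC 5216
EAP_TTLS_LABEL = b"ttls keying material"   # RFC 5281

def derive_msk(master_secret, client_random, server_random, label):
    # Server and supplicant each run this locally; the first 32 bytes become the PMK.
    return tls10_prf(master_secret, label, client_random + server_random, 64)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def salt_encrypt(key, secret, req_auth, salt):
    # RFC 2548 2.4.2: plaintext = length byte + key, zero padded to a 16-byte multiple
    if len(salt) != 2 or not salt[0] & 0x80:
        raise ValueError("salt is 2 bytes with the most significant bit set")
    plain = bytes([len(key)]) + key
    plain += b"\0" * (-len(plain) % 16)
    out, prev = b"", req_auth + salt
    for i in range(0, len(plain), 16):
        prev = _xor(plain[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return salt + out

def salt_decrypt(value, secret, req_auth):
    # The access point reverses the chain with the same RADIUS shared secret.
    salt, cipher = value[:2], value[2:]
    plain, prev = b"", req_auth + salt
    for i in range(0, len(cipher), 16):
        plain += _xor(cipher[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = cipher[i:i + 16]
    return plain[1:1 + plain[0]]

if __name__ == "__main__":
    # Constructed sample values, not taken from a real handshake.
    msk = derive_msk(bytes(range(48)), b"\x01" * 32, b"\x02" * 32, EAP_TLS_LABEL)
    attr = salt_encrypt(msk[:32], b"radius-secret", bytes(16), b"\x80\x01")
    print(salt_decrypt(attr, b"radius-secret", bytes(16)) == msk[:32])
```

The key is never sent to the supplicant: only the hop from the RADIUS server to the access point carries it, protected by the RADIUS shared secret and the Request Authenticator of the Access-Request.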