Master key and Pairwise Master Key encryption

Khan Ferdous Wahid khanferdous.wahid at
Mon Jul 19 20:47:07 CEST 2010

Thank you, Michael Lecuyer, for such a detailed description. I will look at
those RFCs.


On Thu, Jul 15, 2010 at 5:45 PM, Michael Lecuyer <mjl at> wrote:

> I'm not sure it would help you to know how the Master Keys are generated or
> encoded - it's not simple.
> It's a process involving the accumulated TLS handshake messages, random
> number generation, various sorts of key exchanges, cryptographic hashes, and
> the PRF function described in the TLS RFCs. Not really casual reading.
> TTLS and TLS use different TLS PRF (Pseudo-Random Function) labels to
> generate the key material. The MPPE RFC 3079 describes the generation of the
> master MPPE keys from the PRF and how the supplicant should use them. Some
> of us find this casual reading :)
> Encoding attribute data is done using a salt encoding described in RFC 2548
> with a Microsoft modification described in some MPPE RFC.
> The 'code' is scattered throughout the FR rlm source (those dealing with
> TLS and the many mschap's) and in the separate OpenSSL source dealing with
> However, in FR, it just automagically works.
> Khan Ferdous Wahid wrote:
>> Hi,
>> I want to know about the Master key (MK) encapsulation and Pairwise Master
>> key (PMK) generation during EAP-TLS or EAP-TTLS methods. When the supplicant
>> is authenticated, the server generates a MK and sends it in encrypted format
>> to the supplicant. How is this MK (I think it is a random number) encrypted?
>> Which algorithm is used and which parameters are included (input) to
>> disguise the MK? Then how is the PMK generated independently inside the server
>> and supplicant? What algorithm and parameters are used to cryptically pass
>> the PMK to the authenticator (access point)? Please tell me clearly because I am
>> a newbie. Which source code includes these operations, and where should I look?
>> Thank you.
>> /Khan

More information about the Freeradius-Users mailing list
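
The salt encoding from RFC 2548 (section 2.4.2) that the reply mentions, as used for MS-MPPE-Send-Key and MS-MPPE-Recv-Key when the RADIUS server passes key material to the access point, written out as an added example that is not part of the original thread or FreeRADIUS code. The function names and sample values are assumptions; `req_auth` is the 16-byte Request Authenticator of the matching Access-Request.

```python
import hashlib
import os

BLOCK = 16  # MD5 digest size; the keystream is produced in 16-byte blocks


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def mppe_encrypt(key: bytes, secret: bytes, req_auth: bytes, salt: bytes = None) -> bytes:
    """Build the attribute value: 2-byte salt + encrypted (length, key, padding)."""
    if len(req_auth) != 16 or len(key) > 255:
        raise ValueError("need a 16-byte authenticator and a key of at most 255 bytes")
    if salt is None:
        rnd = os.urandom(2)
        salt = bytes([rnd[0] | 0x80, rnd[1]])  # RFC 2548: high bit of salt must be set
    if len(salt) != 2 or not salt[0] & 0x80:
        raise ValueError("salt must be 2 bytes with the most significant bit set")
    plain = bytes([len(key)]) + key
    plain += b"\x00" * (-len(plain) % BLOCK)  # zero-pad to a multiple of 16
    out, seed = b"", req_auth + salt          # b(1) = MD5(S + R + A)
    for i in range(0, len(plain), BLOCK):
        block = _xor(plain[i:i + BLOCK], hashlib.md5(secret + seed).digest())
        out += block
        seed = block                          # b(i) = MD5(S + c(i-1))
    return salt + out


def mppe_decrypt(value: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Recover the key; what the access point does with the shared secret."""
    salt, cipher = value[:2], value[2:]
    if len(value) < 2 + BLOCK or len(cipher) % BLOCK or not salt[0] & 0x80:
        raise ValueError("malformed salt-encrypted value")
    plain, seed = b"", req_auth + salt
    for i in range(0, len(cipher), BLOCK):
        block = cipher[i:i + BLOCK]
        plain += _xor(block, hashlib.md5(secret + seed).digest())
        seed = block
    klen = plain[0]
    if klen > len(plain) - 1:
        raise ValueError("bad key length: wrong secret or authenticator?")
    return plain[1:1 + klen]


if __name__ == "__main__":
    # Constructed sample values, not taken from any real exchange.
    key, secret, ra = bytes(range(32)), b"testing123", bytes(16)
    blob = mppe_encrypt(key, secret, ra)
    print(len(blob), mppe_decrypt(blob, secret, ra) == key)
```

The only secret input is the RADIUS shared secret, so the confidentiality of the key on the server-to-access-point hop rests on that secret and on MD5-based keystream generation.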