Can I access the master key negotiated during ssl handshake?
[169 byte] By [bjornSa] at [2007-10-1 0:01:43] 
I'm implementing EAP/TLS and need acces to the master key negotiated during handshake. Is there a way to access in Java, I know I can do it in C++ using openssl.
No. You can only get what SSLSession exports about the handshake.
ejpa at 2007-7-7 15:45:47 >
Further to this, I had a look at the OpenSSL API. Where in it does it give you access to the master key?
ejpa at 2007-7-7 15:45:47 >
The main structure SSL gives you access to the SSL_SESSION and SSL3_STATE structures which gives access to master key client random server random etc etcliek this:SSL*
bjornSa at 2007-7-7 15:45:47 >
Thanks. I think Sun only implemented the function calls for sessions and kept the data hidden, no doubt for security reasons. Next question is why do you want access to the master key?
ejpa at 2007-7-7 15:45:47 >
As I said earlier I implementing a RADIUS server or at least the part that handle EAP/TLS. When I'm supposed to send the Accept package back to the NAS iI have to send some session keys later used by the NAS and the, in this case, laptop trying to access. These keys are used to derive dynamic WEP keys and must be derived from the negotiated TLS master key
bjornSa at 2007-7-7 15:45:47 >
Did you find out how to do this? Is it possible with the SSLEngine/SSLSession or did you switch to another SSL/TLS package?
_egelnora at 2007-7-7 15:45:47 >
It isn't possible with vanilla Sun SSLSockets or the SSLEngine or indeed anywhere in Sun's implementation of JSSEn because no API is provided for it. Maybe another vendor's implementation of JSSE may ake it available, or maybe the non-JSSE-compliant Phaos implementation does it, I haven't looked at it for years: http://www.phaos.com which now redirects to Oracle. I can't help thinking that if you really need the session key you really have a bigger problem, session keys are supposed to be secret and temporary.
ejpa at 2007-7-7 15:45:47 >
True, but precisely like bjornS, I'm developing a EAP-TLS authentication over RADIUS, and the MS-MPPE-Send- and Recv-Keys are both generated from the Master Key, Client and Server Random values (with the PRF() function defined for TLS handshaking). So it seems like I've to check another JSSE implementation, or maybe implement that handshaking myself. I looked into Sun's implementation and found the PRF and Handshaker classes, but no way to access it in the way I need (all private, and in the "internal" package). But that is probably the way it should be. When running in debug mode, (debug=ssl;keygen) the keys/random values are displayed.
_egelnora at 2007-7-7 15:45:47 >
Won't another master_secret do? surely there is no way for anybody external to SSL to know that it is different from the one SSL is using. If so, negotiate your own over SSL, very easy once you have a secure channel.
ejpa at 2007-7-7 15:45:47 >
@bjornS,egelNor
hello...
i have a little question (maybe a little offtopic)
i am write my exam these days and its about wlan 802.1x stuff.
because my subject is to make a hotspot solution for private useres
i dont have time to programm a radius server totally myself
but using freeradius / jradius instead
but i am not very happy with that - so i asked myself if you produced code wich
you would give to others (me) for a opensource java radius server
or maybe one wich could be used for my exam.
greetings grischan grischan@web.de
glanza at 2007-7-7 15:45:47 >
Security New Topic
Security Hot Topic
Security
All Classified
- Archived Forums
- Enterprise & Remote Computing
- Java Essentials
- Desktop
- Core
- Solaris Operating System
- Security
- Database Connectivity
- Java Mobility Forums
- Web & Directory Servers
- Development Tools
- Application & Integration Servers
- Java HotSpot Virtual Machine
- Other Topics
- E-Mail, Calendar, & Collaboration
- Developer Tools
- General
- Administration Tools
- Sun Hardware
- Storage Forums
- Java Enterprise System
- StarOffice
- Open Source Technologies
- BigAdmin
- Real-Time
- Java Coding