O'Reilly logo

Secure Programming Cookbook for C and C++ by Matt Messier, John Viega

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

8.18. Using Diffie-Hellman and DSA Together

Problem

You want to use Diffie-Hellman for key exchange, and you need some secure way to authenticate the key agreement to protect against a man-in-the-middle attack.

Solution

Use the station-to-station protocol for two-way authentication. A simple modification provides one-way authentication. For example, the server may not care to authenticate the client using public key cryptography.

Discussion

Warning

Remember, authentication requires a trusted third party or a secure channel for exchange of public DSA keys. If you’d prefer a password-based protocol that can achieve all the same properties you would get from Diffie-Hellman and DSA, see the discussion of PAX in Recipe 8.15.

Given a client initiating a connection with a server, the station-to-station protocol is as follows:

  1. The client generates a random Diffie-Hellman secret x and the corresponding public value A.

  2. The client sends A to the server.

  3. The server generates a random Diffie-Hellman secret y and the corresponding public value B.

  4. The server computes the Diffie-Hellman shared secret.

  5. The server signs a string consisting of the public values A and B with the server’s private DSA key.

  6. The server sends B and the signature to the client.

  7. The client computes the shared secret.

  8. The client validates the signature, failing if it isn’t valid.

  9. The client signs A concatenated with B using its private DSA key, and it encrypts the result using the shared secret (the secret can be postprocessed first, ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required