8.18. Using Diffie-Hellman and DSA Together

Problem

You want to use Diffie-Hellman for key exchange, and you need some secure way to authenticate the key agreement to protect against a man-in-the-middle attack.

Solution

Use the station-to-station protocol for two-way authentication. A simple modification provides one-way authentication. For example, the server may not care to authenticate the client using public key cryptography.

Discussion

Warning

Remember, authentication requires a trusted third party or a secure channel for exchange of public DSA keys. If you’d prefer a password-based protocol that can achieve all the same properties you would get from Diffie-Hellman and DSA, see the discussion of PAX in Recipe 8.15.

Given a client initiating a connection with a server, the station-to-station protocol is as follows:

  1. The client generates a random Diffie-Hellman secret x and the corresponding public value A.

  2. The client sends A to the server.

  3. The server generates a random Diffie-Hellman secret y and the corresponding public value B.

  4. The server computes the Diffie-Hellman shared secret.

  5. The server signs a string consisting of the public values A and B with the server’s private DSA key.

  6. The server sends B and the signature to the client.

  7. The client computes the shared secret.

  8. The client validates the signature, failing if it isn’t valid.

  9. The client signs A concatenated with B using its private DSA key, and it encrypts the result using the shared secret (the secret can be postprocessed first, ...
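As an added example (not code from the book), the server-authenticating half of the exchange, steps 1 through 8, simulated in Python with a toy group and a minimal textbook DSA; the client's reply in step 9 mirrors step 5 in the other direction. The group (p = 2039, q = 1019, g = 2), the `sts_run` helper and its `tamper` hook are constructed here for illustration; `tamper` models an active attacker replacing A in transit, so you can see the signature check in step 8 catch the substitution.

```python
import hashlib
import secrets

# Toy group, constructed for this illustration only: p = 2q + 1 is a safe
# prime and g = 2 generates the order-q subgroup. Real deployments use
# 2048-bit or larger parameters from a standard set.
P, Q, G = 2039, 1019, 2

def h_int(msg: bytes) -> int:             # hash to an integer, as DSA does
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def dsa_keygen():
    x = secrets.randbelow(Q - 1) + 1      # private key in [1, q-1]
    return x, pow(G, x, P)                # (private, public)

def dsa_sign(x: int, msg: bytes):
    while True:                           # retry in the rare case r or s is 0
        k = secrets.randbelow(Q - 1) + 1
        r = pow(G, k, P) % Q
        s = pow(k, -1, Q) * (h_int(msg) + x * r) % Q
        if r and s:
            return r, s

def dsa_verify(y: int, msg: bytes, sig) -> bool:
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1, u2 = h_int(msg) * w % Q, r * w % Q
    return pow(G, u1, P) * pow(y, u2, P) % P % Q == r

def signed_string(a: int, b: int) -> bytes:
    """The string both parties sign: both public values, unambiguously encoded."""
    return f"{a}|{b}".encode()

def sts_run(server_sk: int, server_pk: int, tamper=None):
    """Steps 1-8 of station-to-station; `tamper` optionally models an attacker
    replacing A in transit. Returns (client_accepts, client_secret, server_secret)."""
    x = secrets.randbelow(Q - 1) + 1                       # 1. client secret x
    a = pow(G, x, P)                                       #    and public value A
    a_recv = tamper(a) if tamper else a                    # 2. A as the server receives it
    y = secrets.randbelow(Q - 1) + 1                       # 3. server secret y
    b = pow(G, y, P)                                       #    and public value B
    server_secret = pow(a_recv, y, P)                      # 4. server's shared secret
    sig = dsa_sign(server_sk, signed_string(a_recv, b))    # 5. server signs A || B
    # 6. server sends (B, sig); B is assumed to arrive unmodified in this model
    client_secret = pow(b, x, P)                           # 7. client's shared secret
    ok = dsa_verify(server_pk, signed_string(a, b), sig)   # 8. verify over the A it sent
    return ok, client_secret, server_secret
```

In the honest run both secrets agree and the client accepts; when A is replaced, the server signs a string the client never sent, so the client's verification in step 8 fails and it must abort.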
