be closed immediately.
o Public Key (or certificate) (variable length) - The
- public key or certificate. The public key or certificate
- in this field is encoded in the manner as defined in their
- respective definitions; see previous field.
+ public key or certificate of the party. This public key
+ is used to verify the digital signature. The public key
+ or certificate in this field is encoded in the manner as
+ defined in their respective definitions; see previous field.
o Public Data Length (2 bytes) - The length of the Public Data
field, not including any other field.
o Public Data (variable length) - The public data to be
- sent to the receiver. See section 2.2 Key Exchange
- Procedure for detailed description how this field is
- computed. This value is binary encoded.
+ sent to the receiver (Diffie-Hellman public values). See
+ section 2.2 Key Exchange Procedure for detailed description
+ how this field is computed. This value is binary encoded.
o Signature Length (2 bytes) - The length of the signature,
not including any other field.
If the Mutual Authentication flag is set then initiator
MUST also produce signature data SIGN_i which the responder
will verify. The initiator MUST compute a hash value
- HASH_i = hash(Key Exchange Start Payload | public key
- (or certificate) | e). It then signs the HASH_i value with
- its private key resulting a signature SIGN_i.
+ HASH_i = hash(Initiator's Key Exchange Start Payload |
+ public key (or certificate) | e). It then signs the HASH_i
+ value with its private key resulting a signature SIGN_i.
2. Responder generates a random number y, where 1 < y < q,
and computes f = g ^ y mod p. It then computes the
shared secret KEY = e ^ y mod p, and, a hash value
- HASH = hash(Key Exchange Start Payload data | public
- key (or certificate) | Initiator's public key (or
- certificate) | e | f | KEY). It then signs
+ HASH = hash(Initiator's Key Exchange Start Payload |
+ public key (or certificate) | Initiator's public key
+ (or certificate) | e | f | KEY). It then signs
the HASH value with its private key resulting a signature
SIGN.