In the description below:
In the following, the parties are labelled 0 and 1.
Each sends its public key and certificate to the other together with a computation alpha**r0 mod p (alpha**r1 mod p) based on the Diffie-Hellman parameters contained in the certificate:
0 -> 1 alpha**r0 mod p, CERTu0, PKu0 1 -> 0 alpha**r1 mod p, CERTu1, PKu1
Each can now use the CA's public key and the certificate received to check that each has the other's public key.
Finally, each user signs values known to both that each can then verify:
0 -> 1 sig0(alpha**r0 mod p, alpha**r1 mod p) 1 -> 0 sig1(alpha**r0 mod p, alpha**r1 mod p)
At this point 0 and 1 can calculate the shared secret alpha**(r0*r1), and can use it to encrypt later communications.
AUTH(6 ) | Rev: Thu Feb 15 14:43:48 GMT 2007 |