Expand all | Collapse all

Diffie Hellman session key

Jump to Best Answer
  • 1.  Diffie Hellman session key

    Posted 04-26-2017 06:43

    Does the session key generated by Diffie Hellman algorithim used to secure the symmetric key exchange ( like encrypte the symmetric key at the sender and the receiever decrypte it use the session key to get the symmetric key) or is used with nonce to (( Create )) symmetric key ????

  • 2.  RE: Diffie Hellman session key

    Posted 04-26-2017 12:12



    Diffie-Hellman algorithm creates a SYMMETRIC key.

    The derivatives of this key are used for encrypting and checking integrity of traffic in the tunnel.

  • 3.  RE: Diffie Hellman session key

    Posted 04-27-2017 09:17

    any updates please

  • 4.  RE: Diffie Hellman session key

    Posted 04-26-2017 15:03
    Thx for the replay
    Would you please give more explanation , i dont understand

  • 5.  RE: Diffie Hellman session key
    Best Answer

    Posted 04-27-2017 14:49

    Not sure where are you in the process of studying the stuff. Let me explain this as follows.


    Peers A and B want to create a VPN tunnel between each other. Each peer generates a pair of keys: public_A/private_A; public_B/private_B. Then they send public keys to each other. Private keys are kept in secret:


    A                                B
    public_A --------->
                       <----------- public_B

    Then, using its own private key and public key received from peer, each peer calculates a session key. Due to math used, that key is the same for both peers, and it never passes through the medium (e.g. Internet). This is basically how a DH exchange works. And this is used when VPN (IKE) tunnel is set up.


    Then, for securing the traffic in a tunnel, derivatives of the (symmetric) session key are used.


    The challenge here is to not confuse the following:

    1) public/private keys used during DH exchange (asymmetric)

    2) session key, generated from them (symmetric)

    3) pre-shared key (symmetric) used for authenticating the peer (if certs are not used)


    I hope this info helps, together with what you can find on Wikipedia and other resources.