AUTH(6)                                                   AUTH(6)

     NAME
          auth - authentication using station-to-station protocol

     DESCRIPTION
          The following protocol, based on the Station-to-Station
          protocol, is used for mutual authentication of two parties,
          each possessing a certificate from the same certifying
          authority (CA).

          In the description below:

          alpha  is a Diffie-Hellman base used system wide

          p      is a Diffie-Hellman modulus used system wide

          Rx     is a random number of the same order as p.

          PKx    the public key of x

          SKx    the private key of x

          CERTx  the public key of x signed by the certifying author-
                 ity

          sign(x)
                 represents x signed with n's private key

          In the following, the parties are labelled 0 and 1.

          Each sends its public key and certificate to the other
          together with a computation alpha**r0 mod p (alpha**r1 mod
          p) based on the Diffie-Hellman parameters contained in the
          certificate:

               0 → 1  alpha**r0 mod p, CERTu0, PKu0
               1 → 0  alpha**r1 mod p, CERTu1, PKu1

          Each can now use the CA's public key and the certificate
          received to check that each has the other's public key.

          Finally, each user signs values known to both that each can
          then verify:

               0 → 1  sig0(alpha**r0 mod p, alpha**r1 mod p)
               1 → 0  sig1(alpha**r0 mod p, alpha**r1 mod p)

          At this point 0 and 1 can calculate the shared secret
          alpha**(r0*r1), and can use it to encrypt later communica-
          tions.

     Page 1                       Plan 9             (printed 3/28/24)

     AUTH(6)                                                   AUTH(6)

     SEE ALSO
          keyring-auth(2), keytext(6), login(6)

     Page 2                       Plan 9             (printed 3/28/24)