AUTH(6) AUTH(6)
NAME
auth - authentication using station-to-station protocol
DESCRIPTION
The following protocol, based on the Station-to-Station
protocol, is used for mutual authentication of two parties,
each possessing a certificate from the same certifying
authority (CA).
In the description below:
alpha is a Diffie-Hellman base used system wide
p is a Diffie-Hellman modulus used system wide
Rx is a random number of the same order as p.
PKx the public key of x
SKx the private key of x
CERTx the public key of x signed by the certifying author-
ity
sign(x)
represents x signed with n's private key
In the following, the parties are labelled 0 and 1.
Each sends its public key and certificate to the other
together with a computation alpha**r0 mod p (alpha**r1 mod
p) based on the Diffie-Hellman parameters contained in the
certificate:
0 → 1 alpha**r0 mod p, CERTu0, PKu0
1 → 0 alpha**r1 mod p, CERTu1, PKu1
Each can now use the CA's public key and the certificate
received to check that each has the other's public key.
Finally, each user signs values known to both that each can
then verify:
0 → 1 sig0(alpha**r0 mod p, alpha**r1 mod p)
1 → 0 sig1(alpha**r0 mod p, alpha**r1 mod p)
At this point 0 and 1 can calculate the shared secret
alpha**(r0*r1), and can use it to encrypt later communica-
tions.
Page 1 Plan 9 (printed 11/1/24)
AUTH(6) AUTH(6)
SEE ALSO
keyring-auth(2), keytext(6), login(6)
Page 2 Plan 9 (printed 11/1/24)