Java Security - Retrieving Master Secret Key and Session Id in JSSE 1.6

Author

Retrieving Master Secret Key and Session Id in JSSE 1.6

abhijit.bhatode@gmail.com

2008-03-11, 7:29 pm

Hi,

I am developing a JAVA SSL client that talks with a legacy C++ server.
The server uses RSA libraries for encryption.
The JAVA client uses JSSE 1.6 for SSL communication with the server.

The SSL handshake goes through fine, however the server needs further
protocol based handshake. The RSA library allows a server to retrieve
the session key and shared master secret key. The server uses these
values to generate a challenge for the client.

The JAVA client should retrieve the session key and shared master
secret key to generate a response and send it to server. The JSSE API
documentation states that the shared master secret key is not
available for external use.

Please refer http://java.sun.com/j2se/1.4.2/docs...SERefGuide.html

Please let us know if there is any work around for this.

Regards,
Abhijit

Maarten Bodewes

2008-03-30, 10:10 pm

abhijit.bhatode@gmail.com wrote:
> Hi,
>
> I am developing a JAVA SSL client that talks with a legacy C++ server.
> The server uses RSA libraries for encryption.
> The JAVA client uses JSSE 1.6 for SSL communication with the server.
>
> The SSL handshake goes through fine, however the server needs further
> protocol based handshake. The RSA library allows a server to retrieve
> the session key and shared master secret key. The server uses these
> values to generate a challenge for the client.
>
> The JAVA client should retrieve the session key and shared master
> secret key to generate a response and send it to server. The JSSE API
> documentation states that the shared master secret key is not
> available for external use.

Why do you need the shared master secret key?

Regards,
Maarten

Sponsored Links