
5.4 Key Exchange Send/Reply Option

The Key Exchange Send option is shown in Figure 8 and the Key Exchange Reply option in Figure 9. The Kind value is 22 for the Key Exchange Send option and 23 for the Key Exchange Reply option.

A number field gives the number of key exchange data elements. Each element consists of a size field and a data field. The size field gives the length of the element, and the data field carries the data related to the key exchange.

The Key Exchange Send option contains only the public-key certificate. The certificate is composed of an RSA public key, an IP address, date data that indicates the validity period, and padding data. The RSA public key is 64 octets (512 bits), the IP address is 4 octets (32 bits), the date data is 4 octets (32 bits) and the padding data is 56 octets (448 bits). The total length of the certificate is 128 octets (1024 bits).

The Key Exchange Reply option contains the public-key certificate and the session keys data. The certificate is the same as in the Key Exchange Send option. The session keys data is composed of the DES session keys and padding data. The session keys are 16 octets (128 bits) and the padding data is 48 octets (384 bits).

Figure 8:   Key Exchange Send Option

Figure 9:   Key Exchange Reply Option
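
A strict parser for the layout described in this section, given as an added example that is not part of the original document or of any Secure TCP implementation; it rejects any element whose size disagrees with the fixed widths stated above. The one-octet widths of the number and size fields, the size counting only the data field, the field order inside the certificate and session keys data (taken from the order in which the text lists them), and the Reply option carrying the certificate and the session keys data as two elements in that order are assumptions, since the figures are not reproduced here; the function names and sample bytes are constructed.

```python
import ipaddress
KIND_SEND, KIND_REPLY = 22, 23  # Kind values given in the section
# Field widths in octets, from the section; field order is an assumption.
CERT_LAYOUT = (("rsa_public_key", 64), ("ip_address", 4), ("date", 4), ("padding", 56))
KEYS_LAYOUT = (("des_session_keys", 16), ("padding", 48))

def split_fields(blob, layout):
    """Cut blob into named fixed-width fields; reject any other total length."""
    total = sum(width for _, width in layout)
    if len(blob) != total:
        raise ValueError(f"expected {total} octets, got {len(blob)}")
    fields, pos = {}, 0
    for name, width in layout:
        fields[name] = blob[pos:pos + width]
        pos += width
    return fields

def parse_elements(body):
    """Assumed framing: 1-octet number field, then per element a 1-octet size and its data."""
    if not body:
        raise ValueError("missing number field")
    count, pos, elements = body[0], 1, []
    for _ in range(count):
        if pos >= len(body) or pos + 1 + body[pos] > len(body):
            raise ValueError("element runs past end of option body")
        size, pos = body[pos], pos + 1
        elements.append(body[pos:pos + size])
        pos += size
    if pos != len(body):
        raise ValueError("trailing octets after last element")
    return elements

def parse_key_exchange(kind, body):
    """Check the element count for this Kind, then split each element into its fields."""
    expected = {KIND_SEND: 1, KIND_REPLY: 2}.get(kind)  # assumed element counts
    elements = parse_elements(body)
    if expected is None or len(elements) != expected:
        raise ValueError(f"kind {kind}: expected {expected} element(s), got {len(elements)}")
    cert = split_fields(elements[0], CERT_LAYOUT)
    cert["ip_address"] = str(ipaddress.IPv4Address(cert["ip_address"]))
    result = {"certificate": cert}
    if kind == KIND_REPLY:
        result["session_keys"] = split_fields(elements[1], KEYS_LAYOUT)
    return result

# Constructed sample data (filler bytes, not real keys; documentation IP address).
SAMPLE_CERT = bytes([0xAA]) * 64 + bytes([192, 0, 2, 1]) + bytes(4) + bytes(56)
SAMPLE_KEYS = bytes([0x5C]) * 16 + bytes(48)
SAMPLE_REPLY = bytes([2, 128]) + SAMPLE_CERT + bytes([64]) + SAMPLE_KEYS
```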

Toshiyuki Tutumi
Sat Apr 29 04:12:04 GMT+0900 1995