Question

I was looking through the working of SSL V3, and found that a connection state is defined by a set of things, including

- client write mac secret,
- server write mac secret,
- server write key,
- client write key.

I couldn't found the use of these in the SSL protocol.

As I understood from reading, after having a handshake, SSL creates a 48 byte master secret, which is used in encryption and this secret is shared by both client and server.

For what are these four values used?

Answer 1

SSL does more than just encrypt the data. It also protects it from undetected modification. To do this, when it encrypts data, it also generates a cryptographical checksum (which is termed a message authentication code or 'mac') of the plaintext record, and includes that in with the encrypted record. Now, to make sure that someone in the middle can't compute their own mac if they modify the record, the computation of these mac's use keys (which are ultimately derived from the master record, just like the encryption keys are). On decryption, the decrypter also computes the mac of the plaintext it got (using its copy of the keys), and compares it to the mac within the record; if they are identical, then the record was not modified in transit.

So, the client_write_mac_secret is the secret key used to protect records that the client sends (writes) and the server receives; the server_write_mac_secret is the secret key used to protect records that the server sends, and the client receives.

Note that both sides has both secrets; the client uses client_write_mac_secret to protect the records it sends to the client, and the server uses client_write_mac_secret to validate the records that it receives from the client.