What is the size of the key material required for generating the MAC keys, encryption keys and IVs when using TLS_DHE_RSA_WITH_AES_256_CBC_SHA? How is it calculated?
1 Answer
1
TLS_DHE_RSA_WITH_AES_256_CBC_SHA is
- 256-bit AES encryption
- SHA-1 message authentication
- Ephemeral Diffie-Hellman key exchange
- Signed with an RSA certificate
We can find the answer in RFC 5246:

```
                        Key      IV   Block
Cipher        Type    Material  Size  Size
------------  ------  --------  ----  -----
NULL          Stream      0       0    N/A
RC4_128       Stream     16       0    N/A
3DES_EDE_CBC  Block      24       8      8
AES_128_CBC   Block      16      16     16
AES_256_CBC   Block      32      16     16

MAC       Algorithm    mac_length  mac_key_length
--------  -----------  ----------  --------------
NULL      N/A              0             0
MD5       HMAC-MD5        16            16
SHA       HMAC-SHA1       20            20
SHA256    HMAC-SHA256     32            32
```
- Note 1: the values are in bytes.
- Note 2: This mode is archaic and has existed in TLS since TLS 1.0. You should stick to TLS 1.3, which has a huge cleanup and has only 5 cipher suites, all of which use Authenticated Encryption with Associated Data (AEAD).
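
Added example, not part of the original answer: the calculation the question asks for, using the table sizes above and the key expansion of RFC 5246 sections 5 and 6.3 (the TLS 1.2 PRF with SHA-256). The function names and the sample secrets are assumptions made for this sketch; `implicit_iv=True` models TLS 1.0, where the CBC IVs come out of the key block, while TLS 1.2 CBC records carry an explicit IV and derive none.

```python
import hashlib
import hmac

# Sizes in bytes, from the RFC 5246 Appendix C tables quoted above.
CIPHERS = {"AES_128_CBC": (16, 16), "AES_256_CBC": (32, 16), "3DES_EDE_CBC": (24, 8)}  # key, IV
MACS = {"MD5": 16, "SHA": 20, "SHA256": 32}  # mac_key_length


def key_block_length(cipher, mac, implicit_iv):
    """Bytes of key material needed for both directions.

    implicit_iv=True models TLS 1.0, where the CBC IVs are taken from the
    key block. TLS 1.2 sends an explicit IV in each CBC record, so
    fixed_iv_length is 0 and no IV bytes are derived.
    """
    key_len, iv_len = CIPHERS[cipher]
    fixed_iv = iv_len if implicit_iv else 0
    return 2 * MACS[mac] + 2 * key_len + 2 * fixed_iv


def p_sha256(secret, seed, length):
    """P_hash from RFC 5246 section 5, with HMAC-SHA256."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def derive_keys(master_secret, client_random, server_random, cipher, mac):
    """TLS 1.2 key expansion (RFC 5246 section 6.3), split in RFC order."""
    key_len, _ = CIPHERS[cipher]
    mac_len = MACS[mac]
    seed = b"key expansion" + server_random + client_random
    block = p_sha256(master_secret, seed, key_block_length(cipher, mac, False))
    names = ["client_write_MAC_key", "server_write_MAC_key",
             "client_write_key", "server_write_key"]
    keys, pos = {}, 0
    for name, size in zip(names, [mac_len, mac_len, key_len, key_len]):
        keys[name] = block[pos:pos + size]
        pos += size
    return keys


if __name__ == "__main__":
    # Constructed inputs, not values from a real handshake.
    ks = derive_keys(bytes(48), b"\x01" * 32, b"\x02" * 32, "AES_256_CBC", "SHA")
    print(key_block_length("AES_256_CBC", "SHA", False), {k: len(v) for k, v in ks.items()})
```

For TLS_DHE_RSA_WITH_AES_256_CBC_SHA this gives 2×20 + 2×32 = 104 bytes under TLS 1.2, and 136 bytes when the two 16-byte IVs are also taken from the key block as in TLS 1.0.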