05-11-2017 08:15 AM
Talking in the context of security and certificates, I have read that "Using the server's certificate public key, the client encrypts data and sends this over to the server. The server decrypts this using its private key."
I have a question regarding this: does the client use the public key to encrypt only the username and password for authentication, or for encrypting all the user data during a session?
05-11-2017 08:55 AM
I am talking about the case when a user is authenticating with 802.1X to a RADIUS server and using EAP-TLS. For this, both server and user must have a certificate and verify each other with these certificates. In addition, I have read that the client uses the certificate for encryption. That's the context.
05-11-2017 09:43 AM
05-11-2017 10:10 AM
You said that authentication encryption is not used for 802.11 encryption. For example, if I have my laptop connected by wire to the network (then 802.3 and not 802.11) and I am authenticating to a RADIUS server (and I have the server certificate), will the supplicant/laptop encrypt data using the certificate public key?
05-11-2017 12:35 PM
I have just read the following from the CWSP book:
Creates an Encrypted TLS Tunnel: EAP protocols that require a server-side certificate for the authentication server are used to create Transport Layer Security (TLS) encryption tunnels. TLS is a cryptographic protocol normally used to provide secure communications at the Transport layer of the OSI model. However, in the case of 802.1X/EAP, TLS technology is leveraged at Layer 2. Similar to a browser-based SSL session, the TLS protocol uses end-to-end encryption. Once the supplicant is sure of the identity of the authentication server, the supplicant then uses the certificate to establish an encrypted TLS tunnel. The supplicant identity credentials are then exchanged within the encrypted TLS tunnel. The supplicant identity, we have already learned, can come in many forms. Whatever form of identity is passed by the supplicant, it will be passed within the encrypted TLS tunnel. The TLS tunnel protects the supplicant credentials from offline dictionary attacks and from eavesdropping.
It seems the certificate public key is used to only encrypt the supplicant username and password, but not the subsequent data.
Thanks for recommending the CWSP book.
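An added worked example (not from the thread or the CWSP book) that addresses the question in the first post and the book excerpt above: with TLS 1.2 RSA key exchange, the only thing the client ever encrypts with the server's certificate public key is the 48-byte pre-master secret; the tunnel's record keys (RFC 5246 sections 5, 6.3 and 8.1) and the Master Session Key that EAP-TLS hands to 802.1X (RFC 5216 section 2.3) are all symmetric material derived from it. It assumes TLS 1.2 with TLS_RSA_WITH_AES_128_GCM_SHA256, uses constructed randoms and pre-master secret, and does not perform the RSA encryption step itself.

```python
import hashlib
import hmac

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 data-expansion function from RFC 5246, section 5."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()           # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]

def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF for the SHA-256 cipher suites: P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)

def tls_record_keys(pre_master_secret: bytes, client_random: bytes, server_random: bytes) -> dict:
    """RFC 5246 sections 8.1 and 6.3 for TLS_RSA_WITH_AES_128_GCM_SHA256.
    The pre-master secret is the ONLY value the client encrypted with the server's
    RSA public key; everything below is symmetric material derived from it."""
    master_secret = tls12_prf(pre_master_secret, b"master secret", client_random + server_random, 48)
    # AEAD suite: 2 x 16-byte write keys + 2 x 4-byte implicit nonces, no MAC keys.
    key_block = tls12_prf(master_secret, b"key expansion", server_random + client_random, 40)
    return {
        "master_secret": master_secret,
        "client_write_key": key_block[0:16],
        "server_write_key": key_block[16:32],
        "client_write_iv": key_block[32:36],
        "server_write_iv": key_block[36:40],
    }

def eap_tls_msk(master_secret: bytes, client_random: bytes, server_random: bytes) -> tuple:
    """RFC 5216 section 2.3: key material EAP-TLS exports to 802.1X (MSK first 64 bytes,
    EMSK next 64). The MSK, not the certificate key, is what later protects user traffic."""
    km = tls12_prf(master_secret, b"client EAP encryption", client_random + server_random, 128)
    return km[:64], km[64:]

# Constructed sample values (not a captured handshake): 32-byte randoms and a
# 48-byte pre-master secret whose first two bytes carry the TLS 1.2 version (0x0303).
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
PRE_MASTER_SECRET = b"\x03\x03" + bytes(46)

if __name__ == "__main__":
    keys = tls_record_keys(PRE_MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM)
    msk, emsk = eap_tls_msk(keys["master_secret"], CLIENT_RANDOM, SERVER_RANDOM)
    print("master secret :", keys["master_secret"].hex())
    print("client key/iv :", keys["client_write_key"].hex(), keys["client_write_iv"].hex())
    print("802.1X MSK    :", msk.hex())
```

On a wireless link the MSK feeds the 802.11i 4-way handshake; on a plain 802.3 port, EAP-TLS authenticates the user but nothing encrypts the subsequent frames unless a separate link-layer mechanism (MACsec) is deployed.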