3.2.4.2 R_KeyExchangePhase1 (Opnum 26)

The client MUST perform the following steps to process R_KeyExchangePhase1:

  • Generate or look up the client's key exchange key.

  • Generate or look up the client's signature key.

  • Build an IIS_CRYPTO_BLOB structure with the BlobSignature field set to PUBLIC_KEY_BLOB_SIGNATURE to store the client's key exchange public key.

  • Build an IIS_CRYPTO_BLOB structure with the BlobSignature field set to PUBLIC_KEY_BLOB_SIGNATURE to store the client's signature public key.

  • Send the IIS_CRYPTO_BLOB structures built in the previous two steps to the server by using the R_KeyExchangePhase1 method.

  • Wait for the response from the server.

  • Retrieve the server's key exchange public key from the IIS_CRYPTO_BLOB structure with the BlobSignature field set to PUBLIC_KEY_BLOB_SIGNATURE.

  • Retrieve the server's signature public key from the IIS_CRYPTO_BLOB structure with the BlobSignature field set to PUBLIC_KEY_BLOB_SIGNATURE.

  • Retrieve the server's session key from the IIS_CRYPTO_BLOB structure with the BlobSignature field set to SESSION_KEY_BLOB_SIGNATURE.

  • Decrypt the server's session key by using the client's key exchange private key.

  • In the case of success, the client MUST proceed with the R_KeyExchangePhase2 method.
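
The retrieval steps above depend on each returned blob carrying the expected BlobSignature. The following is an added example, not code from the specification, of checking the three server blobs before any key material is used. It assumes a layout of a little-endian 32-bit BlobSignature, a 32-bit BlobDataLength, then BlobData; the signature values, MAX_BLOB_DATA, and all function names are placeholders chosen here.

```c
#include <stddef.h>
#include <stdint.h>

/* Placeholder values, NOT the real constants: take them from the specification. */
#define PUBLIC_KEY_BLOB_SIGNATURE  0x11111111u
#define SESSION_KEY_BLOB_SIGNATURE 0x22222222u
#define MAX_BLOB_DATA              4096u   /* assumed local sanity cap */

enum blob_status { BLOB_OK = 0, BLOB_TRUNCATED = -1, BLOB_WRONG_TYPE = -2, BLOB_BAD_LENGTH = -3 };

/* Assumed layout: BlobSignature (LE u32), BlobDataLength (LE u32), BlobData. */
static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Check one received blob against the signature the current step expects. */
int check_blob(const uint8_t *buf, size_t len, uint32_t want_sig,
               const uint8_t **data, uint32_t *data_len)
{
    if (buf == NULL || len < 8) return BLOB_TRUNCATED;
    if (rd_le32(buf) != want_sig) return BLOB_WRONG_TYPE;
    uint32_t n = rd_le32(buf + 4);
    if (n == 0 || n > MAX_BLOB_DATA) return BLOB_BAD_LENGTH;
    if (n > len - 8) return BLOB_TRUNCATED;   /* declared length exceeds buffer */
    *data = buf + 8;
    *data_len = n;
    return BLOB_OK;
}

/* Validate all three server blobs in the order the steps retrieve them. */
int check_phase1_response(const uint8_t *kex, size_t kex_len,
                          const uint8_t *sig, size_t sig_len,
                          const uint8_t *sess, size_t sess_len)
{
    const uint8_t *d; uint32_t n; int rc;
    if ((rc = check_blob(kex, kex_len, PUBLIC_KEY_BLOB_SIGNATURE, &d, &n)) != BLOB_OK) return rc;
    if ((rc = check_blob(sig, sig_len, PUBLIC_KEY_BLOB_SIGNATURE, &d, &n)) != BLOB_OK) return rc;
    return check_blob(sess, sess_len, SESSION_KEY_BLOB_SIGNATURE, &d, &n);
}

/* Constructed sample blobs (not captured traffic). */
const uint8_t SAMPLE_PUB[]   = {0x11,0x11,0x11,0x11, 4,0,0,0, 0xAA,0xBB,0xCC,0xDD};
const uint8_t SAMPLE_SESS[]  = {0x22,0x22,0x22,0x22, 2,0,0,0, 0x01,0x02};
const uint8_t SAMPLE_SHORT[] = {0x22,0x22,0x22,0x22, 9,0,0,0, 0x01,0x02};
```

Because both public key blobs carry PUBLIC_KEY_BLOB_SIGNATURE, the signature check cannot tell the key exchange key from the signature key; only their position in the response does.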