You are developing a client/server-based application in which the client shall communicate with the server through a trusted channel. Which of the following is the best design of key exchange to encrypt data in transit? (Source: Wentz QOTD)
A. The client encrypts the preshared key using its private key
B. The client encrypts the premaster key using the server’s private key
C. The client encrypts the session key using the server’s public key
D. The client encrypts the master key using the server’s public key

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. The client encrypts the session key using the server’s public key.

Key Generation

The session key, generated by the master key, is used to encrypt data. The master key, in a fixed length, is produced by the premaster key, which is of variable length depending on the key exchange method.

The purpose of the master key is to generate session key(s) instead of encrypting data.

The Purpose of the Private Key

The purpose of the private key is to sign documents instead of encrypting documents. The secret key should be encrypted by the recipient’s public key.

Reference

• Master/Session
• Master Key
• MicroNugget: What are SSL Session Keys?
• Encryption Basics | Public Key Encryption | SSL
• TLS, Pre-Master Secrets and Master Secrets
• Differences between the terms “pre-master secret”, “master secret”, “private key”, and “shared secret”?
• Master Secret
• TLS Security 5: Establishing a TLS Connection
• Transport Layer Security (TLS)
• TLS Handshake : Under The Hood

您正在開發Clien/Server架構的應用程式，客戶端透過受信任通道與伺服器進行通訊。
以下哪種金鑰交換是最佳設計，可以保護傳輸中的數據安全？
A. 客戶端通過其私鑰，加密預共享密鑰 (preshared)
B. 客戶端通過服務器的私鑰，加密預主密鑰 (premaster key)
C. 客戶端通過服務器的公鑰，加密會話密鑰 (session key)
D. 客戶端通過服務器的公鑰，加密主密鑰(master key)