SRX

Does the session key generated by Diffie Hellman algorithim used to secure the symmetric key exchange ( like encrypte the symmetric key at the sender and the receiever decrypte it use the session key to get the symmetric key) or is used with nonce to (( Create )) symmetric key ????

Hi

Diffie-Hellman algorithm creates a SYMMETRIC key.

The derivatives of this key are used for encrypting and checking integrity of traffic in the tunnel.

any updates please

Not sure where are you in the process of studying the stuff. Let me explain this as follows.

Peers A and B want to create a VPN tunnel between each other. Each peer generates a pair of keys: public_A/private_A; public_B/private_B. Then they send public keys to each other. Private keys are kept in secret:

A                                B
public_A --------->
                   <----------- public_B

Then, using its own private key and public key received from peer, each peer calculates a session key. Due to math used, that key is the same for both peers, and it never passes through the medium (e.g. Internet). This is basically how a DH exchange works. And this is used when VPN (IKE) tunnel is set up.

Then, for securing the traffic in a tunnel, derivatives of the (symmetric) session key are used.

The challenge here is to not confuse the following:

1) public/private keys used during DH exchange (asymmetric)

2) session key, generated from them (symmetric)

3) pre-shared key (symmetric) used for authenticating the peer (if certs are not used)

I hope this info helps, together with what you can find on Wikipedia and other resources.