In the examples below, the transport headers are omitted:
For example, for the abridged version of the transport », the client sends
0xef
as the first byte (important: only prior to the very first data packet), then the packet length is encoded with a single byte (0x01-0x7e
= data length divided by 4; or0x7f
followed by 3 bytes (little endian) divided by 4) followed by the data itself. In this case, server responses have the same structure (although the server does not send0xef
as the first byte).
Detailed documentation on creating authorization keys is available here ».
Sent payload (excluding transport headers/trailers):
0000 | 00 00 00 00 00 00 00 00 78 D5 05 00 8B 6E C8 68
0010 | 14 00 00 00 F1 8E 7E BE 50 C8 61 45 2D E4 03 32
0020 | 0D A6 38 89 D4 EF 03 AB
Payload (de)serialization:
req_pq_multi#be7e8ef1 nonce:int128 = ResPQ;
Parameter | Offset, Length in bytes | Value | Description |
---|---|---|---|
auth_key_id | 0, 8 | 0000000000000000 |
0 since the message is in plain text |
message_id | 8, 8 | 78D505008B6EC868 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) |
message_length | 16, 4 | 14000000 (20 in decimal) |
Message body length |
%(req_pq_multi) | 20, 4 | f18e7ebe |
req_pq_multi constructor number from TL schema |
nonce | 24, 16 | 50C861452DE403320DA63889D4EF03AB |
Random number |
Received payload (excluding transport headers/trailers):
0000 | 00 00 00 00 00 00 00 00 01 14 72 77 8B 6E C8 68
0010 | 50 00 00 00 63 24 16 05 50 C8 61 45 2D E4 03 32
0020 | 0D A6 38 89 D4 EF 03 AB C0 BB 43 6F 82 EE 94 AE
0030 | CE AD 50 61 1E AC 51 6B 08 13 9C 39 A0 5D D1 F9
0040 | A3 00 00 00 15 C4 B5 1C 03 00 00 00 85 FD 64 DE
0050 | 85 1D 9D D0 A5 B7 F7 09 35 5F C3 0B 21 6B E8 6C
0060 | 02 2B B4 C3
Payload (de)serialization:
resPQ#05162463 nonce:int128 server_nonce:int128 pq:string server_public_key_fingerprints:Vector<strlong> = ResPQ;
Parameter | Offset, Length in bytes | Value | Description |
---|---|---|---|
auth_key_id | 0, 8 | 0000000000000000 |
0 since the message is in plain text |
message_id | 8, 8 | 011472778B6EC868 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) |
message_length | 16, 4 | 50000000 (80 in decimal) |
Message body length |
%(resPQ) | 20, 4 | 63241605 |
resPQ constructor number from TL schema |
nonce | 24, 16 | 50C861452DE403320DA63889D4EF03AB |
Value generated by client in Step 1 |
server_nonce | 40, 16 | C0BB436F82EE94AECEAD50611EAC516B |
Server-generated random number |
pq | 56, 12 | 08139C39A05DD1F9A3000000 TL byte deserialization => bigendian conversion to decimal => 1413067744019085731 |
Single-byte prefix denoting length, an 8-byte string, and three bytes of padding |
%(Vector strlong) | 68, 4 | 15c4b51c |
Vector t constructor number from TL schema |
count | 72, 4 | 03000000 |
Number of elements in server_public_key_fingerprints |
server_public_key_fingerprints[0] | 76, 8 | 85FD64DE851D9DD0 |
64 lower-order bits of SHA1(server_public_key) |
server_public_key_fingerprints[1] | 84, 8 | A5B7F709355FC30B |
64 lower-order bits of SHA1(server_public_key) |
server_public_key_fingerprints[2] | 92, 8 | 216BE86C022BB4C3 |
64 lower-order bits of SHA1(server_public_key) |
In our case, the client only has the following public keys, with the following fingerprints:
85FD64DE851D9DD0
Let's choose the only matching key, the one with fingerprint equal to 85FD64DE851D9DD0
.
pq = 1413067744019085731
Decompose into 2 prime cofactors p < q
: 1413067744019085731 = 1040262151 * 1358376581
p = 1040262151
q = 1358376581
encrypted_data
payload generationFirst of all, generate an encrypted_data
payload as follows:
Generated payload (excluding transport headers/trailers):
0000 | 95 5F F5 A9 08 13 9C 39 A0 5D D1 F9 A3 00 00 00
0010 | 04 3E 01 24 07 00 00 00 04 50 F7 2E 85 00 00 00
0020 | 50 C8 61 45 2D E4 03 32 0D A6 38 89 D4 EF 03 AB
0030 | C0 BB 43 6F 82 EE 94 AE CE AD 50 61 1E AC 51 6B
0040 | 81 FC 74 6B 57 57 5C 67 C2 6B 79 73 12 86 3D 53
0050 | A6 21 FF 5F EB E4 05 94 CD 54 DC 87 C5 18 41 8A
0060 | 02 00 00 00
Payload (de)serialization:
p_q_inner_data_dc#a9f55f95 pq:string p:string q:string nonce:int128 server_nonce:int128 new_nonce:int256 dc:int = P_Q_inner_data;
Parameter | Offset, Length in bytes | Value | Description |
---|---|---|---|
%(p_q_inner_data_dc) | 0, 4 | 955ff5a9 |
p_q_inner_data_dc constructor number from TL schema |
pq | 4, 12 | 08139C39A05DD1F9A3000000 TL byte deserialization => bigendian conversion to decimal => 1413067744019085731 |
Single-byte prefix denoting length, 8-byte string, and three bytes of padding |
p | 16, 8 | 043E012407000000 TL byte deserialization => bigendian conversion to decimal => 1040262151 |
First prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding |
q | 24, 8 | 0450F72E85000000 TL byte deserialization => bigendian conversion to decimal => 1358376581 |
Second prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding |
nonce | 32, 16 | 50C861452DE403320DA63889D4EF03AB |
Value generated by client in Step 1 |
server_nonce | 48, 16 | C0BB436F82EE94AECEAD50611EAC516B |
Value received from server in Step 2 |
new_nonce | 64, 32 | 81FC746B57575C67C26B797312863D53 A621FF5FEBE40594CD54DC87C518418A |
Client-generated random number |
dc | 96, 4 | 02000000 (2 in decimal) |
DC ID: 10000 (decimal) has to be added to the DC ID to connect to the test servers; it has to be made negative if the DC we're connecting to is a media (not CDN) DC. |
The serialization of P_Q_inner_data produces data, which is used to generate encrypted_data as specified in step 4.1.
These are the inputs to the algorithm specified in step 4.1:
data = 955FF5A908139C39A05DD1F9A3000000043E0124070000000450F72E8500000050C861452DE403320DA63889D4EF03ABC0BB436F82EE94AECEAD50611EAC516B81FC746B57575C67C26B797312863D53A621FF5FEBE40594CD54DC87C518418A02000000
random_padding_bytes = 3BA0F371419E95599863AD74701C085F564D54C9DC15150D30ED7DBEB97A8E46B125361C013811288CE70F5494440320B5851CD8735064E4E5AFB5C44DC8B2A17A4DF7C3E3531429620799418089C4D3384799796D66D4B9A5A9F260
And this is the output:
encrypted_data = 56FFC1D4EF863632FCC4FD91847B8B44CE192AEC40201758F2CAB3BC4ACCB84D0554B25C35D9979B24B7660015C3BA30D404DCB4C8C37F86DDAA13BDEF50AFCF57365637B9FF0AF70DD1DE6E95904AEBF99A5065899CD67064CCB23AC6A199941DB54F4AF5B53E88E8933682276E3F03C41E262F4BFCC8650B095720B0D8C98E230566F6D688471BCBD75C44ADD29D8A00CE976C02E5686F953EE9F19689D6B2D8C217E005F57514D780EF4601073E6DEFABF109E7282E1B3AE659987A2A95F12F49DE4F57D8F2B20B3C78C3998BC3CFDA6592598547313F935D7263BAE73296C69C4D1327B9953FA7BE31171A892C6EC7953C8919EF587A68D7FE37DB9799BA
The length of the final string is 256 bytes.
encrypted_data
Sent payload (excluding transport headers/trailers):
0000 | 00 00 00 00 00 00 00 00 7C D5 05 00 8B 6E C8 68
0010 | 40 01 00 00 BE E4 12 D7 50 C8 61 45 2D E4 03 32
0020 | 0D A6 38 89 D4 EF 03 AB C0 BB 43 6F 82 EE 94 AE
0030 | CE AD 50 61 1E AC 51 6B 04 3E 01 24 07 00 00 00
0040 | 04 50 F7 2E 85 00 00 00 85 FD 64 DE 85 1D 9D D0
0050 | FE 00 01 00 56 FF C1 D4 EF 86 36 32 FC C4 FD 91
0060 | 84 7B 8B 44 CE 19 2A EC 40 20 17 58 F2 CA B3 BC
0070 | 4A CC B8 4D 05 54 B2 5C 35 D9 97 9B 24 B7 66 00
0080 | 15 C3 BA 30 D4 04 DC B4 C8 C3 7F 86 DD AA 13 BD
0090 | EF 50 AF CF 57 36 56 37 B9 FF 0A F7 0D D1 DE 6E
00A0 | 95 90 4A EB F9 9A 50 65 89 9C D6 70 64 CC B2 3A
00B0 | C6 A1 99 94 1D B5 4F 4A F5 B5 3E 88 E8 93 36 82
00C0 | 27 6E 3F 03 C4 1E 26 2F 4B FC C8 65 0B 09 57 20
00D0 | B0 D8 C9 8E 23 05 66 F6 D6 88 47 1B CB D7 5C 44
00E0 | AD D2 9D 8A 00 CE 97 6C 02 E5 68 6F 95 3E E9 F1
00F0 | 96 89 D6 B2 D8 C2 17 E0 05 F5 75 14 D7 80 EF 46
0100 | 01 07 3E 6D EF AB F1 09 E7 28 2E 1B 3A E6 59 98
0110 | 7A 2A 95 F1 2F 49 DE 4F 57 D8 F2 B2 0B 3C 78 C3
0120 | 99 8B C3 CF DA 65 92 59 85 47 31 3F 93 5D 72 63
0130 | BA E7 32 96 C6 9C 4D 13 27 B9 95 3F A7 BE 31 17
0140 | 1A 89 2C 6E C7 95 3C 89 19 EF 58 7A 68 D7 FE 37
0150 | DB 97 99 BA
Payload (de)serialization:
req_DH_params#d712e4be nonce:int128 server_nonce:int128 p:string q:string public_key_fingerprint:long encrypted_data:string = Server_DH_Params;
Parameter | Offset, Length in bytes | Value | Description |
---|---|---|---|
auth_key_id | 0, 8 | 0000000000000000 |
0 since the message is in plain text |
message_id | 8, 8 | 7CD505008B6EC868 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) |
message_length | 16, 4 | 40010000 (320 in decimal) |
Message body length |
%(req_DH_params) | 20, 4 | bee412d7 |
req_DH_params constructor number from TL schema |
nonce | 24, 16 | 50C861452DE403320DA63889D4EF03AB |
Value generated by client in Step 1 |
server_nonce | 40, 16 | C0BB436F82EE94AECEAD50611EAC516B |
Value received from server in Step 2 |
p | 56, 8 | 043E012407000000 TL byte deserialization => bigendian conversion to decimal => 1040262151 |
First prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding |
q | 64, 8 | 0450F72E85000000 TL byte deserialization => bigendian conversion to decimal => 1358376581 |
Second prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding |
public_key_fingerprint | 72, 8 | 85FD64DE851D9DD0 |
fingerprint of public key used |
encrypted_data | 80, 260 | FE00010056FFC1D4EF863632FCC4FD91 847B8B44CE192AEC40201758F2CAB3BC 4ACCB84D0554B25C35D9979B24B76600 15C3BA30D404DCB4C8C37F86DDAA13BD EF50AFCF57365637B9FF0AF70DD1DE6E 95904AEBF99A5065899CD67064CCB23A C6A199941DB54F4AF5B53E88E8933682 276E3F03C41E262F4BFCC8650B095720 B0D8C98E230566F6D688471BCBD75C44 ADD29D8A00CE976C02E5686F953EE9F1 9689D6B2D8C217E005F57514D780EF46 01073E6DEFABF109E7282E1B3AE65998 7A2A95F12F49DE4F57D8F2B20B3C78C3 998BC3CFDA6592598547313F935D7263 BAE73296C69C4D1327B9953FA7BE3117 1A892C6EC7953C8919EF587A68D7FE37 DB9799BA |
Value generated above |
Received payload (excluding transport headers/trailers):
0000 | 00 00 00 00 00 00 00 00 01 9C 5B A9 8B 6E C8 68
0010 | 78 02 00 00 5C 07 E8 D0 50 C8 61 45 2D E4 03 32
0020 | 0D A6 38 89 D4 EF 03 AB C0 BB 43 6F 82 EE 94 AE
0030 | CE AD 50 61 1E AC 51 6B FE 50 02 00 D6 A4 99 14
0040 | 2F 3C 6D 3D B5 B6 9A 02 F9 9A 33 71 C9 9E DA CB
0050 | D3 64 F3 2F 7E BE 05 79 91 16 5B 66 1B 9B 99 45
0060 | F0 33 84 D5 65 9C 07 BB 48 9A 1D 0D 74 A6 D9 5E
0070 | 25 C5 53 9B A8 68 0A 1F F4 38 FE 9A DD 80 6B 5E
0080 | 0F AB D0 EB 01 ED 2F 05 3E 1E CD B5 3E D1 B2 B4
0090 | AF E0 AB 31 0A B4 BD 3B 5F 2C FA 1A 48 D7 85 E6
00A0 | B4 F9 FD 6F 78 DC 62 2D F0 31 97 66 E0 F8 82 F5
00B0 | 98 66 63 B8 F1 18 A1 03 F4 D6 8E 80 B6 B1 DC FE
00C0 | 4E 06 28 98 7D 07 A7 50 AF C9 D1 10 65 B4 8E 4D
00D0 | 74 F1 F0 DE 1C 8A 3A AE 68 D6 24 B1 A0 D9 8C DB
00E0 | AC 20 4F C4 7B 4D 9B 3A C8 B4 C8 19 37 7C A9 8B
00F0 | 2C 84 56 E1 9F E1 AD 53 D8 D6 61 5F 43 43 2E 28
0100 | 57 49 54 46 9F 71 72 51 83 7F E8 7E 62 BA 14 19
0110 | B3 EA FD 41 C3 C4 45 3B 6F 2C 28 AF 43 B2 88 51
0120 | DC 8A BA AB 31 77 AB 41 A2 E0 FB CE 15 1F 55 EA
0130 | 7F E9 12 C2 E8 7B AE 77 0A 3C BA 88 90 7C 60 FC
0140 | E2 CE 21 C1 D9 73 12 B4 87 CE 48 65 E2 57 23 2B
0150 | A4 7B 9E AF 94 4F AA D1 6B 2C AC 75 CB CF 67 78
0160 | 50 3E 9E DD A5 AF 81 8B D2 79 7A 00 F4 C4 96 83
0170 | 50 D2 5C 51 DF CB 68 81 D3 5D 7D 7C 3C 97 C7 81
0180 | B1 BE 8B FF 16 D7 E2 99 BE C9 B0 57 4F E2 DB FE
0190 | 78 CD 25 A5 37 6C 35 06 BC 76 BC A9 B1 22 D6 FE
01A0 | 07 AC A2 4E 13 18 7C C5 E9 51 F2 38 25 A9 E5 F4
01B0 | 3D 76 FE A9 F9 76 17 AB 79 65 5E 6D 70 0F 14 06
01C0 | E7 FA 1C 16 81 4B 0F 4F EA 5C FD ED 0D 85 02 8D
01D0 | 37 14 B2 AD A9 42 8A 8E CC 8E 4A F8 C0 4E 42 E5
01E0 | 81 74 9B B1 52 AF 3B E0 25 2A 6A 84 D1 89 74 1D
01F0 | 31 C4 29 23 2E 0A BB F3 E7 0B 59 66 F8 D1 67 57
0200 | 8C 0D 37 00 1B 24 EE 2B E2 E5 84 DA 86 4C 69 AA
0210 | 5B 4F 84 BA 2D DE 42 E0 33 F6 13 47 D7 69 5A D0
0220 | 3D 44 B9 E0 CA 20 EE FF 9D F9 68 F3 CC 1C 3E 0A
0230 | B2 DC B5 F9 FC B0 89 35 0D 8A F5 B1 EB BD 3D 59
0240 | B0 64 EA CD 35 0E 27 FA 72 C8 CC E9 EC DB 6B 08
0250 | 38 1E 28 3C C1 77 FE 7A DF 50 CB B1 DC 51 D2 0E
0260 | DF AE 75 D6 93 41 C0 BD 9A D9 E7 30 35 A9 4F 87
0270 | 5D 8B C6 8D 5E 35 1C C0 38 EE 33 C1 0C 1A 5D 6B
0280 | 0F B8 17 6B DB 71 F6 F2 8D 46 9F 6A
Payload (de)serialization:
server_DH_params_ok#d0e8075c nonce:int128 server_nonce:int128 encrypted_answer:string = Server_DH_Params;
Parameter | Offset, Length in bytes | Value | Description |
---|---|---|---|
auth_key_id | 0, 8 | 0000000000000000 |
0 since the message is in plain text |
message_id | 8, 8 | 019C5BA98B6EC868 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) |
message_length | 16, 4 | 78020000 (632 in decimal) |
Message body length |
%(server_DH_params_ok) | 20, 4 | 5c07e8d0 |
server_DH_params_ok constructor number from TL schema |
nonce | 24, 16 | 50C861452DE403320DA63889D4EF03AB |
Value generated by client in Step 1 |
server_nonce | 40, 16 | C0BB436F82EE94AECEAD50611EAC516B |
Value received from server in Step 2 |
encrypted_answer | 56, 596 | FE500200D6A499142F3C6D3DB5B69A02 F99A3371C99EDACBD364F32F7EBE0579 91165B661B9B9945F03384D5659C07BB 489A1D0D74A6D95E25C5539BA8680A1F F438FE9ADD806B5E0FABD0EB01ED2F05 3E1ECDB53ED1B2B4AFE0AB310AB4BD3B 5F2CFA1A48D785E6B4F9FD6F78DC622D F0319766E0F882F5986663B8F118A103 F4D68E80B6B1DCFE4E0628987D07A750 AFC9D11065B48E4D74F1F0DE1C8A3AAE 68D624B1A0D98CDBAC204FC47B4D9B3A C8B4C819377CA98B2C8456E19FE1AD53 D8D6615F43432E28574954469F717251 837FE87E62BA1419B3EAFD41C3C4453B 6F2C28AF43B28851DC8ABAAB3177AB41 A2E0FBCE151F55EA7FE912C2E87BAE77 0A3CBA88907C60FCE2CE21C1D97312B4 87CE4865E257232BA47B9EAF944FAAD1 6B2CAC75CBCF6778503E9EDDA5AF818B D2797A00F4C4968350D25C51DFCB6881 D35D7D7C3C97C781B1BE8BFF16D7E299 BEC9B0574FE2DBFE78CD25A5376C3506 BC76BCA9B122D6FE07ACA24E13187CC5 E951F23825A9E5F43D76FEA9F97617AB 79655E6D700F1406E7FA1C16814B0F4F EA5CFDED0D85028D3714B2ADA9428A8E CC8E4AF8C04E42E581749BB152AF3BE0 252A6A84D189741D31C429232E0ABBF3 E70B5966F8D167578C0D37001B24EE2B E2E584DA864C69AA5B4F84BA2DDE42E0 33F61347D7695AD03D44B9E0CA20EEFF 9DF968F3CC1C3E0AB2DCB5F9FCB08935 0D8AF5B1EBBD3D59B064EACD350E27FA 72C8CCE9ECDB6B08381E283CC177FE7A DF50CBB1DC51D20EDFAE75D69341C0BD 9AD9E73035A94F875D8BC68D5E351CC0 38EE33C10C1A5D6B0FB8176BDB71F6F2 8D469F6A |
See below |
Decrypt encrypted_answer
using the reverse of the process specified in step 6:
encrypted_answer = D6A499142F3C6D3DB5B69A02F99A3371C99EDACBD364F32F7EBE057991165B661B9B9945F03384D5659C07BB489A1D0D74A6D95E25C5539BA8680A1FF438FE9ADD806B5E0FABD0EB01ED2F053E1ECDB53ED1B2B4AFE0AB310AB4BD3B5F2CFA1A48D785E6B4F9FD6F78DC622DF0319766E0F882F5986663B8F118A103F4D68E80B6B1DCFE4E0628987D07A750AFC9D11065B48E4D74F1F0DE1C8A3AAE68D624B1A0D98CDBAC204FC47B4D9B3AC8B4C819377CA98B2C8456E19FE1AD53D8D6615F43432E28574954469F717251837FE87E62BA1419B3EAFD41C3C4453B6F2C28AF43B28851DC8ABAAB3177AB41A2E0FBCE151F55EA7FE912C2E87BAE770A3CBA88907C60FCE2CE21C1D97312B487CE4865E257232BA47B9EAF944FAAD16B2CAC75CBCF6778503E9EDDA5AF818BD2797A00F4C4968350D25C51DFCB6881D35D7D7C3C97C781B1BE8BFF16D7E299BEC9B0574FE2DBFE78CD25A5376C3506BC76BCA9B122D6FE07ACA24E13187CC5E951F23825A9E5F43D76FEA9F97617AB79655E6D700F1406E7FA1C16814B0F4FEA5CFDED0D85028D3714B2ADA9428A8ECC8E4AF8C04E42E581749BB152AF3BE0252A6A84D189741D31C429232E0ABBF3E70B5966F8D167578C0D37001B24EE2BE2E584DA864C69AA5B4F84BA2DDE42E033F61347D7695AD03D44B9E0CA20EEFF9DF968F3CC1C3E0AB2DCB5F9FCB089350D8AF5B1EBBD3D59B064EACD350E27FA72C8CCE9ECDB6B08381E283CC177FE7ADF50CBB1DC51D20EDFAE75D69341C0BD9AD9E73035A94F875D8BC68D5E351CC038EE33C10C1A5D6B0FB8176BDB71F6F28D469F6A
tmp_aes_key = 0E33CA37DE423CDC3F0CB6657E0E55855F5E7FB0D161A5009DD5AA6718D1540A
tmp_aes_iv = EE20B2AF3CA47CA8F06150893716E0910B23BB80E2D98D18E442B15581FC746B
Yielding:
answer_with_hash = 482927D79B6E6DADAA65BFB94C0A6280D27561E6BA0D89B550C861452DE403320DA63889D4EF03ABC0BB436F82EE94AECEAD50611EAC516B03000000FE000100C71CAEB9C6B1C9048E6C522F70F13F73980D40238E3E21C14934D037563D930F48198A0AA7C14058229493D22530F4DBFA336F6E0AC925139543AED44CCE7C3720FD51F69458705AC68CD4FE6B6B13ABDC9746512969328454F18FAF8C595F642477FE96BB2A941D5BCD1D4AC8CC49880708FA9B378E3C4F3A9060BEE67CF9A4A4A695811051907E162753B56B0F6B410DBA74D8A84B2A14B3144E0EF1284754FD17ED950D5965B4B9DD46582DB1178D169C6BC465B0D6FF9CA3928FEF5B9AE4E418FC15E83EBEA0F87FA9FF5EED70050DED2849F47BF959D956850CE929851F0D8115F635B105EE2E4E15D04B2454BF6F4FADF034B10403119CD8E3B92FCC5BFE0001007CC423E3BD9B83ED40A8D409C7C82ED9C134C2AAD07EBAC858CA29366BFFD2B2C0C6D1997945D4B0957DFB403E022FD1750124F530034085D32CF8D60C55B5BCF3877E325A1919F623E63719AECD62B284E7F32D9378D3A4D90A9428E901A3487EC0CF3A3424679106AFF7CDD605CDD5C2F6775B9774F3368684A52B537AC2BB8D1B98BAB482AF463B45DA1DB2546BE27BE9CDAD54B2F69FD571A02FF298B370A21E1AA4728826400BC2F65EED5AC4EB6E133293B6027CC01105BD91D7A93D7B5E66C5C9417E78ACFD32DDD432225378BC3CCFF869DA4106376322B1472C136600EE4193D216EB229B8906EDEF3722A5A2EDD7EA3B9B29A009F85DE828E919278B6EC868DD19CDEA8434A0BD
answer = BA0D89B550C861452DE403320DA63889D4EF03ABC0BB436F82EE94AECEAD50611EAC516B03000000FE000100C71CAEB9C6B1C9048E6C522F70F13F73980D40238E3E21C14934D037563D930F48198A0AA7C14058229493D22530F4DBFA336F6E0AC925139543AED44CCE7C3720FD51F69458705AC68CD4FE6B6B13ABDC9746512969328454F18FAF8C595F642477FE96BB2A941D5BCD1D4AC8CC49880708FA9B378E3C4F3A9060BEE67CF9A4A4A695811051907E162753B56B0F6B410DBA74D8A84B2A14B3144E0EF1284754FD17ED950D5965B4B9DD46582DB1178D169C6BC465B0D6FF9CA3928FEF5B9AE4E418FC15E83EBEA0F87FA9FF5EED70050DED2849F47BF959D956850CE929851F0D8115F635B105EE2E4E15D04B2454BF6F4FADF034B10403119CD8E3B92FCC5BFE0001007CC423E3BD9B83ED40A8D409C7C82ED9C134C2AAD07EBAC858CA29366BFFD2B2C0C6D1997945D4B0957DFB403E022FD1750124F530034085D32CF8D60C55B5BCF3877E325A1919F623E63719AECD62B284E7F32D9378D3A4D90A9428E901A3487EC0CF3A3424679106AFF7CDD605CDD5C2F6775B9774F3368684A52B537AC2BB8D1B98BAB482AF463B45DA1DB2546BE27BE9CDAD54B2F69FD571A02FF298B370A21E1AA4728826400BC2F65EED5AC4EB6E133293B6027CC01105BD91D7A93D7B5E66C5C9417E78ACFD32DDD432225378BC3CCFF869DA4106376322B1472C136600EE4193D216EB229B8906EDEF3722A5A2EDD7EA3B9B29A009F85DE828E919278B6EC868DD19CDEA8434A0BD
Generated payload (excluding transport headers/trailers):
0000 | BA 0D 89 B5 50 C8 61 45 2D E4 03 32 0D A6 38 89
0010 | D4 EF 03 AB C0 BB 43 6F 82 EE 94 AE CE AD 50 61
0020 | 1E AC 51 6B 03 00 00 00 FE 00 01 00 C7 1C AE B9
0030 | C6 B1 C9 04 8E 6C 52 2F 70 F1 3F 73 98 0D 40 23
0040 | 8E 3E 21 C1 49 34 D0 37 56 3D 93 0F 48 19 8A 0A
0050 | A7 C1 40 58 22 94 93 D2 25 30 F4 DB FA 33 6F 6E
0060 | 0A C9 25 13 95 43 AE D4 4C CE 7C 37 20 FD 51 F6
0070 | 94 58 70 5A C6 8C D4 FE 6B 6B 13 AB DC 97 46 51
0080 | 29 69 32 84 54 F1 8F AF 8C 59 5F 64 24 77 FE 96
0090 | BB 2A 94 1D 5B CD 1D 4A C8 CC 49 88 07 08 FA 9B
00A0 | 37 8E 3C 4F 3A 90 60 BE E6 7C F9 A4 A4 A6 95 81
00B0 | 10 51 90 7E 16 27 53 B5 6B 0F 6B 41 0D BA 74 D8
00C0 | A8 4B 2A 14 B3 14 4E 0E F1 28 47 54 FD 17 ED 95
00D0 | 0D 59 65 B4 B9 DD 46 58 2D B1 17 8D 16 9C 6B C4
00E0 | 65 B0 D6 FF 9C A3 92 8F EF 5B 9A E4 E4 18 FC 15
00F0 | E8 3E BE A0 F8 7F A9 FF 5E ED 70 05 0D ED 28 49
0100 | F4 7B F9 59 D9 56 85 0C E9 29 85 1F 0D 81 15 F6
0110 | 35 B1 05 EE 2E 4E 15 D0 4B 24 54 BF 6F 4F AD F0
0120 | 34 B1 04 03 11 9C D8 E3 B9 2F CC 5B FE 00 01 00
0130 | 7C C4 23 E3 BD 9B 83 ED 40 A8 D4 09 C7 C8 2E D9
0140 | C1 34 C2 AA D0 7E BA C8 58 CA 29 36 6B FF D2 B2
0150 | C0 C6 D1 99 79 45 D4 B0 95 7D FB 40 3E 02 2F D1
0160 | 75 01 24 F5 30 03 40 85 D3 2C F8 D6 0C 55 B5 BC
0170 | F3 87 7E 32 5A 19 19 F6 23 E6 37 19 AE CD 62 B2
0180 | 84 E7 F3 2D 93 78 D3 A4 D9 0A 94 28 E9 01 A3 48
0190 | 7E C0 CF 3A 34 24 67 91 06 AF F7 CD D6 05 CD D5
01A0 | C2 F6 77 5B 97 74 F3 36 86 84 A5 2B 53 7A C2 BB
01B0 | 8D 1B 98 BA B4 82 AF 46 3B 45 DA 1D B2 54 6B E2
01C0 | 7B E9 CD AD 54 B2 F6 9F D5 71 A0 2F F2 98 B3 70
01D0 | A2 1E 1A A4 72 88 26 40 0B C2 F6 5E ED 5A C4 EB
01E0 | 6E 13 32 93 B6 02 7C C0 11 05 BD 91 D7 A9 3D 7B
01F0 | 5E 66 C5 C9 41 7E 78 AC FD 32 DD D4 32 22 53 78
0200 | BC 3C CF F8 69 DA 41 06 37 63 22 B1 47 2C 13 66
0210 | 00 EE 41 93 D2 16 EB 22 9B 89 06 ED EF 37 22 A5
0220 | A2 ED D7 EA 3B 9B 29 A0 09 F8 5D E8 28 E9 19 27
0230 | 8B 6E C8 68
Payload (de)serialization:
server_DH_inner_data#b5890dba nonce:int128 server_nonce:int128 g:int dh_prime:string g_a:string server_time:int = Server_DH_inner_data;
Parameter | Offset, Length in bytes | Value | Description |
---|---|---|---|
%(server_DH_inner_data) | 0, 4 | ba0d89b5 |
server_DH_inner_data constructor number from TL schema |
nonce | 4, 16 | 50C861452DE403320DA63889D4EF03AB |
Value generated by client in Step 1 |
server_nonce | 20, 16 | C0BB436F82EE94AECEAD50611EAC516B |
Value received from server in Step 2 |
g | 36, 4 | 03000000 (3 in decimal) |
Value received from server in Step 2 |
dh_prime | 40, 260 | FE000100C71CAEB9C6B1C9048E6C522F 70F13F73980D40238E3E21C14934D037 563D930F48198A0AA7C14058229493D2 2530F4DBFA336F6E0AC925139543AED4 4CCE7C3720FD51F69458705AC68CD4FE 6B6B13ABDC9746512969328454F18FAF 8C595F642477FE96BB2A941D5BCD1D4A C8CC49880708FA9B378E3C4F3A9060BE E67CF9A4A4A695811051907E162753B5 6B0F6B410DBA74D8A84B2A14B3144E0E F1284754FD17ED950D5965B4B9DD4658 2DB1178D169C6BC465B0D6FF9CA3928F EF5B9AE4E418FC15E83EBEA0F87FA9FF 5EED70050DED2849F47BF959D956850C E929851F0D8115F635B105EE2E4E15D0 4B2454BF6F4FADF034B10403119CD8E3 B92FCC5B |
2048-bit prime, in big-endian byte order, to be checked as specified in the auth key docs |
g_a | 300, 260 | FE0001007CC423E3BD9B83ED40A8D409 C7C82ED9C134C2AAD07EBAC858CA2936 6BFFD2B2C0C6D1997945D4B0957DFB40 3E022FD1750124F530034085D32CF8D6 0C55B5BCF3877E325A1919F623E63719 AECD62B284E7F32D9378D3A4D90A9428 E901A3487EC0CF3A3424679106AFF7CD D605CDD5C2F6775B9774F3368684A52B 537AC2BB8D1B98BAB482AF463B45DA1D B2546BE27BE9CDAD54B2F69FD571A02F F298B370A21E1AA4728826400BC2F65E ED5AC4EB6E133293B6027CC01105BD91 D7A93D7B5E66C5C9417E78ACFD32DDD4 32225378BC3CCFF869DA4106376322B1 472C136600EE4193D216EB229B8906ED EF3722A5A2EDD7EA3B9B29A009F85DE8 28E91927 |
g_a diffie-hellman parameter |
server_time | 560, 4 | 8B6EC868 (1757965963 in decimal) |
Server time |
First, generate a secure random 2048-bit number b:
b = 70B54DA77DC506911ECAA4C7F7575A5A27510890C88EA1854B0AFDEF696988FE66F29F70BF08EFC89B863DC124D12A2DCA9140DAB31488FF15362111F16C6DF9FE90C0D818DCC707C82625C734282FD2009D525104BA869F4A27066F5C5432D0C7A3FD472D3F62A5074D952E953BEB5C93ED81FBA99ACD1769F3E016B61C43109F9690DF5F7CF1B00149AAAF601B1EAAAFFFB6957545B3AB8A58BFC3044DB1F947CB1DB999CA6E64FA24B24EF21F998C763BF0E780842A1C485B6D3DB0A8D035EE786F1A68B4E6B76E11417CB08867925C3EF943EC1A339F32F4CA647B281FD70577FC3950F5E0A5F15F6E26749C5915203B83A10F3A968063E8F8EA034587F5
Then compute g_b = pow(g, b) mod dh_prime
g_b = 4554C14FA42C5D905C306132A8C788B90679FFE293047AC1E6CC08FC00A83DF6F3E2A52B21F36A1A1071613A86E0480BB4DC24FD8D6E359563C79B7E6DBC53E6AEFF1B0E7A030B978D7292F0F1F04292605A1445CCECBF164F17AE705CF9AA5C11A6CF539E2861AAA5430C96392B0FA3FA73A7F253E369F9AE4C9298B3E9441137E6F828311B5FAB0D978B86D3B09201321DA78471414112D67788B7801E0BA27A50DA73FBA578BF660AC9B1A579164AB071B1FD19AE158D9DC42376CB5F1CCFCCCCEA3A2FBCACE3F0A52E23C8D5F51945784448600CD38FC4CC07E4DBC24340FCE9C1472A764FF69C6EB47D282BD092E7F5FC73801A4ABAE12136CB347381DF
Generated payload (excluding transport headers/trailers):
0000 | 54 B6 43 66 50 C8 61 45 2D E4 03 32 0D A6 38 89
0010 | D4 EF 03 AB C0 BB 43 6F 82 EE 94 AE CE AD 50 61
0020 | 1E AC 51 6B 00 00 00 00 00 00 00 00 FE 00 01 00
0030 | 45 54 C1 4F A4 2C 5D 90 5C 30 61 32 A8 C7 88 B9
0040 | 06 79 FF E2 93 04 7A C1 E6 CC 08 FC 00 A8 3D F6
0050 | F3 E2 A5 2B 21 F3 6A 1A 10 71 61 3A 86 E0 48 0B
0060 | B4 DC 24 FD 8D 6E 35 95 63 C7 9B 7E 6D BC 53 E6
0070 | AE FF 1B 0E 7A 03 0B 97 8D 72 92 F0 F1 F0 42 92
0080 | 60 5A 14 45 CC EC BF 16 4F 17 AE 70 5C F9 AA 5C
0090 | 11 A6 CF 53 9E 28 61 AA A5 43 0C 96 39 2B 0F A3
00A0 | FA 73 A7 F2 53 E3 69 F9 AE 4C 92 98 B3 E9 44 11
00B0 | 37 E6 F8 28 31 1B 5F AB 0D 97 8B 86 D3 B0 92 01
00C0 | 32 1D A7 84 71 41 41 12 D6 77 88 B7 80 1E 0B A2
00D0 | 7A 50 DA 73 FB A5 78 BF 66 0A C9 B1 A5 79 16 4A
00E0 | B0 71 B1 FD 19 AE 15 8D 9D C4 23 76 CB 5F 1C CF
00F0 | CC CC EA 3A 2F BC AC E3 F0 A5 2E 23 C8 D5 F5 19
0100 | 45 78 44 48 60 0C D3 8F C4 CC 07 E4 DB C2 43 40
0110 | FC E9 C1 47 2A 76 4F F6 9C 6E B4 7D 28 2B D0 92
0120 | E7 F5 FC 73 80 1A 4A BA E1 21 36 CB 34 73 81 DF
Payload (de)serialization:
client_DH_inner_data#6643b654 nonce:int128 server_nonce:int128 retry_id:long g_b:string = Client_DH_Inner_Data;
Parameter | Offset, Length in bytes | Value | Description |
---|---|---|---|
%(client_DH_inner_data) | 0, 4 | 54b64366 |
client_DH_inner_data constructor number from TL schema |
nonce | 4, 16 | 50C861452DE403320DA63889D4EF03AB |
Value generated by client in Step 1 |
server_nonce | 20, 16 | C0BB436F82EE94AECEAD50611EAC516B |
Value received from server in Step 2 |
g_b | 36, 260 | FE0001004554C14FA42C5D905C306132 A8C788B90679FFE293047AC1E6CC08FC 00A83DF6F3E2A52B21F36A1A1071613A 86E0480BB4DC24FD8D6E359563C79B7E 6DBC53E6AEFF1B0E7A030B978D7292F0 F1F04292605A1445CCECBF164F17AE70 5CF9AA5C11A6CF539E2861AAA5430C96 392B0FA3FA73A7F253E369F9AE4C9298 B3E9441137E6F828311B5FAB0D978B86 D3B09201321DA78471414112D67788B7 801E0BA27A50DA73FBA578BF660AC9B1 A579164AB071B1FD19AE158D9DC42376 CB5F1CCFCCCCEA3A2FBCACE3F0A52E23 C8D5F51945784448600CD38FC4CC07E4 DBC24340FCE9C1472A764FF69C6EB47D 282BD092E7F5FC73801A4ABAE12136CB 347381DF |
Single-byte prefix denoting length, a 256-byte (2048-bit) string, and zero bytes of padding |
retry_id | 296, 8 | 0000000000000000 |
Equal to zero at the time of the first attempt; otherwise, it is equal to auth_key_aux_hash from the previous failed attempt (see Item 7). |
The serialization of Client_DH_Inner_Data produces a string data. This is used to generate encrypted_data as specified in step 6, using the following inputs:
data = 54B6436650C861452DE403320DA63889D4EF03ABC0BB436F82EE94AECEAD50611EAC516B0000000000000000FE0001004554C14FA42C5D905C306132A8C788B90679FFE293047AC1E6CC08FC00A83DF6F3E2A52B21F36A1A1071613A86E0480BB4DC24FD8D6E359563C79B7E6DBC53E6AEFF1B0E7A030B978D7292F0F1F04292605A1445CCECBF164F17AE705CF9AA5C11A6CF539E2861AAA5430C96392B0FA3FA73A7F253E369F9AE4C9298B3E9441137E6F828311B5FAB0D978B86D3B09201321DA78471414112D67788B7801E0BA27A50DA73FBA578BF660AC9B1A579164AB071B1FD19AE158D9DC42376CB5F1CCFCCCCEA3A2FBCACE3F0A52E23C8D5F51945784448600CD38FC4CC07E4DBC24340FCE9C1472A764FF69C6EB47D282BD092E7F5FC73801A4ABAE12136CB347381DF
padding = EE37DA387A7FDE804E600F16
tmp_aes_key = 0E33CA37DE423CDC3F0CB6657E0E55855F5E7FB0D161A5009DD5AA6718D1540A
tmp_aes_iv = EE20B2AF3CA47CA8F06150893716E0910B23BB80E2D98D18E442B15581FC746B
Process:
data_with_hash := SHA1(data) + data + padding (0-15 random bytes such that total length is divisible by 16)
encrypted_data := AES256_ige_encrypt (data_with_hash, tmp_aes_key, tmp_aes_iv);
Output:
encrypted_data = 54CEC8607033C955153CBD5478621E8AF05C546BD302738ED7F86D21D94E09EC0F8793C0125BBDD5E44538082A6F6D0C6FB9AD0B69BEEA377CF08293A155F8D6EA8D44CE5ACFD25DD3CBE35989EB2E6C4FBF01A0079472976850C672933D59835C3A92C9182EF67A40CF46F449A862BB7D47BA2B9B33AD3AA379BBBE84CB4F3EA1AE2A1E3E4DD4DD060E4BE417C735B28412AD3C8D56D6506B0C89200AE44058475FC7FDD4CD98738CD7B156553B51AF2BC0195170CDCD62427FDBAE050F9832EFCC2A4C43A16432AE476E21F8633592B2983DB15F26F851460CAD7695CB8886EF04AA570C57F6A05BD11EA5E9A23D11A0CE70E608E86096AAE260C2DD67FD29DF06E9CB38CE35CCDE21DF04F9E1E7589DF6929165FA62F84F80E8E1D20C7FFDDC85A8741E6323DAB53155FA8DB4F6628626C4F70C151FE47BD2BE2E4EC45DD46EE981EBF737FA6FA28885FB86BD1AD9
The length of the final string is 336 bytes.
Sent payload (excluding transport headers/trailers):
0000 | 00 00 00 00 00 00 00 00 AC 0C 08 00 8B 6E C8 68
0010 | 78 01 00 00 1F 5F 04 F5 50 C8 61 45 2D E4 03 32
0020 | 0D A6 38 89 D4 EF 03 AB C0 BB 43 6F 82 EE 94 AE
0030 | CE AD 50 61 1E AC 51 6B FE 50 01 00 54 CE C8 60
0040 | 70 33 C9 55 15 3C BD 54 78 62 1E 8A F0 5C 54 6B
0050 | D3 02 73 8E D7 F8 6D 21 D9 4E 09 EC 0F 87 93 C0
0060 | 12 5B BD D5 E4 45 38 08 2A 6F 6D 0C 6F B9 AD 0B
0070 | 69 BE EA 37 7C F0 82 93 A1 55 F8 D6 EA 8D 44 CE
0080 | 5A CF D2 5D D3 CB E3 59 89 EB 2E 6C 4F BF 01 A0
0090 | 07 94 72 97 68 50 C6 72 93 3D 59 83 5C 3A 92 C9
00A0 | 18 2E F6 7A 40 CF 46 F4 49 A8 62 BB 7D 47 BA 2B
00B0 | 9B 33 AD 3A A3 79 BB BE 84 CB 4F 3E A1 AE 2A 1E
00C0 | 3E 4D D4 DD 06 0E 4B E4 17 C7 35 B2 84 12 AD 3C
00D0 | 8D 56 D6 50 6B 0C 89 20 0A E4 40 58 47 5F C7 FD
00E0 | D4 CD 98 73 8C D7 B1 56 55 3B 51 AF 2B C0 19 51
00F0 | 70 CD CD 62 42 7F DB AE 05 0F 98 32 EF CC 2A 4C
0100 | 43 A1 64 32 AE 47 6E 21 F8 63 35 92 B2 98 3D B1
0110 | 5F 26 F8 51 46 0C AD 76 95 CB 88 86 EF 04 AA 57
0120 | 0C 57 F6 A0 5B D1 1E A5 E9 A2 3D 11 A0 CE 70 E6
0130 | 08 E8 60 96 AA E2 60 C2 DD 67 FD 29 DF 06 E9 CB
0140 | 38 CE 35 CC DE 21 DF 04 F9 E1 E7 58 9D F6 92 91
0150 | 65 FA 62 F8 4F 80 E8 E1 D2 0C 7F FD DC 85 A8 74
0160 | 1E 63 23 DA B5 31 55 FA 8D B4 F6 62 86 26 C4 F7
0170 | 0C 15 1F E4 7B D2 BE 2E 4E C4 5D D4 6E E9 81 EB
0180 | F7 37 FA 6F A2 88 85 FB 86 BD 1A D9
Payload (de)serialization:
set_client_DH_params#f5045f1f nonce:int128 server_nonce:int128 encrypted_data:string = Set_client_DH_params_answer;
Parameter | Offset, Length in bytes | Value | Description |
---|---|---|---|
auth_key_id | 0, 8 | 0000000000000000 |
0 since the message is in plain text |
message_id | 8, 8 | AC0C08008B6EC868 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) |
message_length | 16, 4 | 78010000 (376 in decimal) |
Message body length |
%(set_client_DH_params) | 20, 4 | 1f5f04f5 |
set_client_DH_params constructor number from TL schema |
nonce | 24, 16 | 50C861452DE403320DA63889D4EF03AB |
Value generated by client in Step 1 |
server_nonce | 40, 16 | C0BB436F82EE94AECEAD50611EAC516B |
Value received from server in Step 2 |
encrypted_data | 56, 340 | FE50010054CEC8607033C955153CBD54 78621E8AF05C546BD302738ED7F86D21 D94E09EC0F8793C0125BBDD5E4453808 2A6F6D0C6FB9AD0B69BEEA377CF08293 A155F8D6EA8D44CE5ACFD25DD3CBE359 89EB2E6C4FBF01A0079472976850C672 933D59835C3A92C9182EF67A40CF46F4 49A862BB7D47BA2B9B33AD3AA379BBBE 84CB4F3EA1AE2A1E3E4DD4DD060E4BE4 17C735B28412AD3C8D56D6506B0C8920 0AE44058475FC7FDD4CD98738CD7B156 553B51AF2BC0195170CDCD62427FDBAE 050F9832EFCC2A4C43A16432AE476E21 F8633592B2983DB15F26F851460CAD76 95CB8886EF04AA570C57F6A05BD11EA5 E9A23D11A0CE70E608E86096AAE260C2 DD67FD29DF06E9CB38CE35CCDE21DF04 F9E1E7589DF6929165FA62F84F80E8E1 D20C7FFDDC85A8741E6323DAB53155FA 8DB4F6628626C4F70C151FE47BD2BE2E 4EC45DD46EE981EBF737FA6FA28885FB 86BD1AD9 |
Encrypted client_DH_inner_data generated previously, serialized as a TL byte string |
The client computes the auth_key using formula g_a^b mod dh_prime
:
auth_key = 0C1690A3A602DF91E7E2D112E70151A41DCDA575D5052C56A8C60D32B62E4EDF827195787A7CF8CBF59E7366BEA349DAF4B709987C4942B0F4C3F4F3042D2EDB3C78C334DFADB38AF610EF008B1D71540EC3538A9448DA1F7D32BA219A1D50BBB7712BD948349FD6A3FA2700562BDA9FC18879C69EAB0F93367F20B77F3DF32FE15520CA9CFDD5B2A2635AD6DEDC799E0F9A095E38851732EC42A2E7ED9833B26789BBDD1D6932EAF2231008ED8D18A4D1B88CAC9670259ADEE3AF710DBC07D9773BB5356D8B221F19926041BED15E713C8C2F6C4FD8D6843295CFDF9C80B29E0B7AD9C54C365C88A931E6B02BCC8D8C127E32A0737C534AD42B8B761480E06F
The server verifies and confirms that auth_key_hash is unique: since it's unique, it replies with the following:
Received payload (excluding transport headers/trailers):
0000 | 00 00 00 00 00 00 00 00 01 1C 6A 51 8D 6E C8 68
0010 | 34 00 00 00 34 F7 CB 3B 50 C8 61 45 2D E4 03 32
0020 | 0D A6 38 89 D4 EF 03 AB C0 BB 43 6F 82 EE 94 AE
0030 | CE AD 50 61 1E AC 51 6B 55 C8 8A A4 CC EE 96 0C
0040 | 51 29 32 20 BA FB F4 C7
Payload (de)serialization:
dh_gen_ok#3bcbf734 nonce:int128 server_nonce:int128 new_nonce_hash1:int128 = Set_client_DH_params_answer;
Parameter | Offset, Length in bytes | Value | Description |
---|---|---|---|
auth_key_id | 0, 8 | 0000000000000000 |
0 since the message is in plain text |
message_id | 8, 8 | 011C6A518D6EC868 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) |
message_length | 16, 4 | 34000000 (52 in decimal) |
Message body length |
%(dh_gen_ok) | 20, 4 | 34f7cb3b |
dh_gen_ok constructor number from TL schema |
nonce | 24, 16 | 50C861452DE403320DA63889D4EF03AB |
Value generated by client in Step 1 |
server_nonce | 40, 16 | C0BB436F82EE94AECEAD50611EAC516B |
Value received from server in Step 2 |
new_nonce_hash1 | 56, 16 | 55C88AA4CCEE960C51293220BAFBF4C7 |
The 128 lower-order bits of SHA1 of the byte string derived from the new_nonce string by adding a single byte with the value of 1, 2, or 3, and followed by another 8 bytes with auth_key_aux_hash . Different values are required to prevent an intruder from changing server response dh_gen_ok into dh_gen_retry. |