In the examples below, the transport headers are omitted:
For example, for the abridged version of the transport », the client sends
0xef
as the first byte (important: only prior to the very first data packet), then the packet length is encoded with a single byte (0x01-0x7e
= data length divided by 4; or0x7f
followed by 3 bytes (little endian) divided by 4) followed by the data itself. In this case, server responses have the same structure (although the server does not send0xef
as the first byte).
Detailed documentation on creating authorization keys is available here ».
Sent payload (excluding transport headers/trailers):
0000 | 00 00 00 00 00 00 00 00 E0 D1 0C 00 21 A9 72 68
0010 | 14 00 00 00 F1 8E 7E BE 75 E6 22 F3 BC 7D 71 46
0020 | 32 B8 33 82 1F D7 BB 0C
Payload (de)serialization:
req_pq_multi#be7e8ef1 nonce:int128 = ResPQ;
Parameter | Offset, Length in bytes | Value | Description |
---|---|---|---|
auth_key_id | 0, 8 | 0000000000000000 |
0 since the message is in plain text |
message_id | 8, 8 | E0D10C0021A97268 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) |
message_length | 16, 4 | 14000000 (20 in decimal) |
Message body length |
%(req_pq_multi) | 20, 4 | f18e7ebe |
req_pq_multi constructor number from TL schema |
nonce | 24, 16 | 75E622F3BC7D714632B833821FD7BB0C |
Random number |
Received payload (excluding transport headers/trailers):
0000 | 00 00 00 00 00 00 00 00 01 4C 52 79 21 A9 72 68
0010 | 50 00 00 00 63 24 16 05 75 E6 22 F3 BC 7D 71 46
0020 | 32 B8 33 82 1F D7 BB 0C 8E C5 3E C0 50 CB 2D 47
0030 | 5B 45 7B AF 44 5B 49 F5 08 16 E7 48 B2 95 22 C6
0040 | 8F 00 00 00 15 C4 B5 1C 03 00 00 00 85 FD 64 DE
0050 | 85 1D 9D D0 A5 B7 F7 09 35 5F C3 0B 21 6B E8 6C
0060 | 02 2B B4 C3
Payload (de)serialization:
resPQ#05162463 nonce:int128 server_nonce:int128 pq:string server_public_key_fingerprints:Vector<strlong> = ResPQ;
Parameter | Offset, Length in bytes | Value | Description |
---|---|---|---|
auth_key_id | 0, 8 | 0000000000000000 |
0 since the message is in plain text |
message_id | 8, 8 | 014C527921A97268 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) |
message_length | 16, 4 | 50000000 (80 in decimal) |
Message body length |
%(resPQ) | 20, 4 | 63241605 |
resPQ constructor number from TL schema |
nonce | 24, 16 | 75E622F3BC7D714632B833821FD7BB0C |
Value generated by client in Step 1 |
server_nonce | 40, 16 | 8EC53EC050CB2D475B457BAF445B49F5 |
Server-generated random number |
pq | 56, 12 | 0816E748B29522C68F000000 TL byte deserialization => bigendian conversion to decimal => 1650367720298038927 |
Single-byte prefix denoting length, an 8-byte string, and three bytes of padding |
%(Vector strlong) | 68, 4 | 15c4b51c |
Vector t constructor number from TL schema |
count | 72, 4 | 03000000 |
Number of elements in server_public_key_fingerprints |
server_public_key_fingerprints[0] | 76, 8 | 85FD64DE851D9DD0 |
64 lower-order bits of SHA1(server_public_key) |
server_public_key_fingerprints[1] | 84, 8 | A5B7F709355FC30B |
64 lower-order bits of SHA1(server_public_key) |
server_public_key_fingerprints[2] | 92, 8 | 216BE86C022BB4C3 |
64 lower-order bits of SHA1(server_public_key) |
In our case, the client only has the following public keys, with the following fingerprints:
85FD64DE851D9DD0
Let's choose the only matching key, the one with fingerprint equal to 85FD64DE851D9DD0
.
pq = 1650367720298038927
Decompose into 2 prime cofactors p < q
: 1650367720298038927 = 1145839111 * 1440313657
p = 1145839111
q = 1440313657
encrypted_data
payload generationFirst of all, generate an encrypted_data
payload as follows:
Generated payload (excluding transport headers/trailers):
0000 | 95 5F F5 A9 08 16 E7 48 B2 95 22 C6 8F 00 00 00
0010 | 04 44 4C 1E 07 00 00 00 04 55 D9 71 39 00 00 00
0020 | 75 E6 22 F3 BC 7D 71 46 32 B8 33 82 1F D7 BB 0C
0030 | 8E C5 3E C0 50 CB 2D 47 5B 45 7B AF 44 5B 49 F5
0040 | 99 80 D4 75 80 F8 88 B3 B1 DA EF 34 DB 48 47 3E
0050 | 7D 8B D2 68 A5 8F F0 3B 8C 4A 9F 7A 42 24 59 59
0060 | 02 00 00 00
Payload (de)serialization:
p_q_inner_data_dc#a9f55f95 pq:string p:string q:string nonce:int128 server_nonce:int128 new_nonce:int256 dc:int = P_Q_inner_data;
Parameter | Offset, Length in bytes | Value | Description |
---|---|---|---|
%(p_q_inner_data_dc) | 0, 4 | 955ff5a9 |
p_q_inner_data_dc constructor number from TL schema |
pq | 4, 12 | 0816E748B29522C68F000000 TL byte deserialization => bigendian conversion to decimal => 1650367720298038927 |
Single-byte prefix denoting length, 8-byte string, and three bytes of padding |
p | 16, 8 | 04444C1E07000000 TL byte deserialization => bigendian conversion to decimal => 1145839111 |
First prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding |
q | 24, 8 | 0455D97139000000 TL byte deserialization => bigendian conversion to decimal => 1440313657 |
Second prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding |
nonce | 32, 16 | 75E622F3BC7D714632B833821FD7BB0C |
Value generated by client in Step 1 |
server_nonce | 48, 16 | 8EC53EC050CB2D475B457BAF445B49F5 |
Value received from server in Step 2 |
new_nonce | 64, 32 | 9980D47580F888B3B1DAEF34DB48473E 7D8BD268A58FF03B8C4A9F7A42245959 |
Client-generated random number |
dc | 96, 4 | 02000000 (2 in decimal) |
DC ID: 10000 (decimal) has to be added to the DC ID to connect to the test servers; it has to be made negative if the DC we're connecting to is a media (not CDN) DC. |
The serialization of P_Q_inner_data produces data, which is used to generate encrypted_data as specified in step 4.1.
These are the inputs to the algorithm specified in step 4.1:
data = 955FF5A90816E748B29522C68F00000004444C1E070000000455D9713900000075E622F3BC7D714632B833821FD7BB0C8EC53EC050CB2D475B457BAF445B49F59980D47580F888B3B1DAEF34DB48473E7D8BD268A58FF03B8C4A9F7A4224595902000000
random_padding_bytes = 252A073EE8374E6CE125C66E082722D5594D192C90F080B19348609886999D4866E0A4E62FBC0DBC90BD56157405A5EC9F59DEA5EFC99B571F477023E35C0B059875BC2A8DCC7CA164857BF4B359303CC4B05E33BDACEAD881FF8AF6
And this is the output:
encrypted_data = 90511A4D8C730E67A091E4C4B623DC9AFAE98BDB499016A5AFAD35B9996BD06519B8182FA1F8FDDF2C365474FE315D93CF736E86B5B591AC1DCCAE9C5FE9A9170B6D1B9A9881A4C9F9756CF9BCDCBE7A89ECA398686E3B180A0C3695E6A971847B905C6EB001A65F49395C24171020D2EE7C2BADF486F78F6CBDAB9DBB54F9A159A11BD4FD5F8B2DBB7141A8A11F3FD960EC5ED25B96FCE573A4F1EC61CD507957B77BB3349406365D92E1E0839A0C6EA3084702C949B268DA5677603145237440A199D190F257A7FD99B2EF8555030A6F35747742344B07C4DC7753AC2BF3E38C880416B7BB1EEBCB1556845F53895DEBF6AE06E4032DFA90720D5DDAAF50CA
The length of the final string is 256 bytes.
encrypted_data
Sent payload (excluding transport headers/trailers):
0000 | 00 00 00 00 00 00 00 00 E4 D1 0C 00 21 A9 72 68
0010 | 40 01 00 00 BE E4 12 D7 75 E6 22 F3 BC 7D 71 46
0020 | 32 B8 33 82 1F D7 BB 0C 8E C5 3E C0 50 CB 2D 47
0030 | 5B 45 7B AF 44 5B 49 F5 04 44 4C 1E 07 00 00 00
0040 | 04 55 D9 71 39 00 00 00 85 FD 64 DE 85 1D 9D D0
0050 | FE 00 01 00 90 51 1A 4D 8C 73 0E 67 A0 91 E4 C4
0060 | B6 23 DC 9A FA E9 8B DB 49 90 16 A5 AF AD 35 B9
0070 | 99 6B D0 65 19 B8 18 2F A1 F8 FD DF 2C 36 54 74
0080 | FE 31 5D 93 CF 73 6E 86 B5 B5 91 AC 1D CC AE 9C
0090 | 5F E9 A9 17 0B 6D 1B 9A 98 81 A4 C9 F9 75 6C F9
00A0 | BC DC BE 7A 89 EC A3 98 68 6E 3B 18 0A 0C 36 95
00B0 | E6 A9 71 84 7B 90 5C 6E B0 01 A6 5F 49 39 5C 24
00C0 | 17 10 20 D2 EE 7C 2B AD F4 86 F7 8F 6C BD AB 9D
00D0 | BB 54 F9 A1 59 A1 1B D4 FD 5F 8B 2D BB 71 41 A8
00E0 | A1 1F 3F D9 60 EC 5E D2 5B 96 FC E5 73 A4 F1 EC
00F0 | 61 CD 50 79 57 B7 7B B3 34 94 06 36 5D 92 E1 E0
0100 | 83 9A 0C 6E A3 08 47 02 C9 49 B2 68 DA 56 77 60
0110 | 31 45 23 74 40 A1 99 D1 90 F2 57 A7 FD 99 B2 EF
0120 | 85 55 03 0A 6F 35 74 77 42 34 4B 07 C4 DC 77 53
0130 | AC 2B F3 E3 8C 88 04 16 B7 BB 1E EB CB 15 56 84
0140 | 5F 53 89 5D EB F6 AE 06 E4 03 2D FA 90 72 0D 5D
0150 | DA AF 50 CA
Payload (de)serialization:
req_DH_params#d712e4be nonce:int128 server_nonce:int128 p:string q:string public_key_fingerprint:long encrypted_data:string = Server_DH_Params;
Parameter | Offset, Length in bytes | Value | Description |
---|---|---|---|
auth_key_id | 0, 8 | 0000000000000000 |
0 since the message is in plain text |
message_id | 8, 8 | E4D10C0021A97268 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) |
message_length | 16, 4 | 40010000 (320 in decimal) |
Message body length |
%(req_DH_params) | 20, 4 | bee412d7 |
req_DH_params constructor number from TL schema |
nonce | 24, 16 | 75E622F3BC7D714632B833821FD7BB0C |
Value generated by client in Step 1 |
server_nonce | 40, 16 | 8EC53EC050CB2D475B457BAF445B49F5 |
Value received from server in Step 2 |
p | 56, 8 | 04444C1E07000000 TL byte deserialization => bigendian conversion to decimal => 1145839111 |
First prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding |
q | 64, 8 | 0455D97139000000 TL byte deserialization => bigendian conversion to decimal => 1440313657 |
Second prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding |
public_key_fingerprint | 72, 8 | 85FD64DE851D9DD0 |
fingerprint of public key used |
encrypted_data | 80, 260 | FE00010090511A4D8C730E67A091E4C4 B623DC9AFAE98BDB499016A5AFAD35B9 996BD06519B8182FA1F8FDDF2C365474 FE315D93CF736E86B5B591AC1DCCAE9C 5FE9A9170B6D1B9A9881A4C9F9756CF9 BCDCBE7A89ECA398686E3B180A0C3695 E6A971847B905C6EB001A65F49395C24 171020D2EE7C2BADF486F78F6CBDAB9D BB54F9A159A11BD4FD5F8B2DBB7141A8 A11F3FD960EC5ED25B96FCE573A4F1EC 61CD507957B77BB3349406365D92E1E0 839A0C6EA3084702C949B268DA567760 3145237440A199D190F257A7FD99B2EF 8555030A6F35747742344B07C4DC7753 AC2BF3E38C880416B7BB1EEBCB155684 5F53895DEBF6AE06E4032DFA90720D5D DAAF50CA |
Value generated above |
Received payload (excluding transport headers/trailers):
0000 | 00 00 00 00 00 00 00 00 01 3C 94 9A 21 A9 72 68
0010 | 78 02 00 00 5C 07 E8 D0 75 E6 22 F3 BC 7D 71 46
0020 | 32 B8 33 82 1F D7 BB 0C 8E C5 3E C0 50 CB 2D 47
0030 | 5B 45 7B AF 44 5B 49 F5 FE 50 02 00 0E EF F2 25
0040 | 8A E9 3B F6 A5 8F 79 37 1A DA 21 06 B2 0E 80 60
0050 | 25 6B 68 91 82 EF E3 7C 03 B0 6C 6F D9 0C F2 0F
0060 | B5 6D 6C 10 F6 99 C3 2F EB 76 A8 E9 A0 44 CB 0A
0070 | EC CA 05 3C F3 01 D3 2B E8 5D F6 DA 0D 28 6F 5F
0080 | C8 6D 60 3E B8 89 C2 D0 78 6D D0 C1 37 08 9E 6D
0090 | 55 D0 39 D1 1C 1E A6 88 A8 89 88 22 8F 36 7E 0B
00A0 | A2 C3 3E 49 B9 79 D6 04 7F 25 29 49 BB 19 40 5A
00B0 | D4 E8 B5 40 1A 54 0A 5F FD 96 8A FF 22 63 1A 32
00C0 | 51 C6 29 70 EE A1 F0 61 B4 8D 76 7B 04 75 B1 28
00D0 | C8 7C 16 E6 55 0C A0 01 2F BD A1 C5 73 AB 66 3C
00E0 | 48 33 DE D8 7D B0 0A 23 DB 5C 6E 14 89 50 DF 2F
00F0 | 40 9D 31 85 77 F1 83 A7 38 EE 62 6B 53 0F 3A B9
0100 | 4D 88 02 C2 2E DA 47 9D BC 06 65 1B 5B 0E 7F 26
0110 | E8 DF D2 5B 04 39 94 7B 38 38 D6 DE FC B0 1A B0
0120 | CC 42 C7 DA DD DE 54 72 52 20 9E 6A D0 EB 7C FC
0130 | F8 DF 65 8B 21 AB FF 4A 77 F8 25 A3 87 24 7C 47
0140 | 7F 1D 22 52 C1 5E C3 9D E9 6C 8B EB D9 2E 3A 0F
0150 | 19 D2 2C D7 0D A8 48 CD 76 16 53 9B C3 1C 2C 64
0160 | 38 3C C7 C3 2D 38 F7 BD 9C 5A 62 6D 06 4C 31 5B
0170 | 43 6B B6 89 AF 31 17 8F AB A6 A7 02 ED 5C 73 D3
0180 | B0 15 D0 C0 04 5B 2E ED 93 16 F4 15 37 1F 1D A7
0190 | 3B EC E2 13 0C 19 A6 02 1D 6E A1 0C 27 9D 01 6E
01A0 | 94 C3 EA 4F 37 2B 4E 21 81 32 39 A5 AB 88 E8 40
01B0 | 19 03 77 7B 1D BD FB 95 34 3F F9 B5 35 CC 43 F3
01C0 | A8 4C FB 47 1C 6F B4 DB 46 C5 05 5D F3 E9 B2 B4
01D0 | 31 32 53 14 B3 E8 7F 31 D4 AA 20 31 0B D8 0B 50
01E0 | B0 D5 64 C1 EA C0 2A B9 0A C4 23 3D 35 18 3E 85
01F0 | 2D 6E 9F 34 46 4D CA 58 2D 4E 2E 0F 52 CA BD E3
0200 | 41 30 70 7F 5A 3C DD 6E 32 D2 F4 2B 87 94 EB C9
0210 | 06 32 FA E3 17 40 82 0F 5E 85 7A 24 82 E5 4B 7D
0220 | A8 8D 3F AA 5A 49 72 67 55 AA B0 9D A6 9A DB B7
0230 | 2C EA 06 3E 6F 42 C2 02 99 AC A8 69 3C 3B 2A 2E
0240 | 55 37 E3 80 F9 A6 44 88 82 CE B3 49 10 FE FC F7
0250 | 01 50 1B 1A 6A 18 D8 DD 16 86 28 DB FA F1 5A AD
0260 | 6D 99 47 80 1B 5B D9 FC F2 A0 F8 6F 00 6F 6D B1
0270 | BB 3F CE 08 1A 0C 33 5E 29 F5 D3 71 10 0A 03 B9
0280 | 66 9D AB 46 CA 31 AC B2 F3 88 49 EA
Payload (de)serialization:
server_DH_params_ok#d0e8075c nonce:int128 server_nonce:int128 encrypted_answer:string = Server_DH_Params;
Parameter | Offset, Length in bytes | Value | Description |
---|---|---|---|
auth_key_id | 0, 8 | 0000000000000000 |
0 since the message is in plain text |
message_id | 8, 8 | 013C949A21A97268 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) |
message_length | 16, 4 | 78020000 (632 in decimal) |
Message body length |
%(server_DH_params_ok) | 20, 4 | 5c07e8d0 |
server_DH_params_ok constructor number from TL schema |
nonce | 24, 16 | 75E622F3BC7D714632B833821FD7BB0C |
Value generated by client in Step 1 |
server_nonce | 40, 16 | 8EC53EC050CB2D475B457BAF445B49F5 |
Value received from server in Step 2 |
encrypted_answer | 56, 596 | FE5002000EEFF2258AE93BF6A58F7937 1ADA2106B20E8060256B689182EFE37C 03B06C6FD90CF20FB56D6C10F699C32F EB76A8E9A044CB0AECCA053CF301D32B E85DF6DA0D286F5FC86D603EB889C2D0 786DD0C137089E6D55D039D11C1EA688 A88988228F367E0BA2C33E49B979D604 7F252949BB19405AD4E8B5401A540A5F FD968AFF22631A3251C62970EEA1F061 B48D767B0475B128C87C16E6550CA001 2FBDA1C573AB663C4833DED87DB00A23 DB5C6E148950DF2F409D318577F183A7 38EE626B530F3AB94D8802C22EDA479D BC06651B5B0E7F26E8DFD25B0439947B 3838D6DEFCB01AB0CC42C7DADDDE5472 52209E6AD0EB7CFCF8DF658B21ABFF4A 77F825A387247C477F1D2252C15EC39D E96C8BEBD92E3A0F19D22CD70DA848CD 7616539BC31C2C64383CC7C32D38F7BD 9C5A626D064C315B436BB689AF31178F ABA6A702ED5C73D3B015D0C0045B2EED 9316F415371F1DA73BECE2130C19A602 1D6EA10C279D016E94C3EA4F372B4E21 813239A5AB88E8401903777B1DBDFB95 343FF9B535CC43F3A84CFB471C6FB4DB 46C5055DF3E9B2B431325314B3E87F31 D4AA20310BD80B50B0D564C1EAC02AB9 0AC4233D35183E852D6E9F34464DCA58 2D4E2E0F52CABDE34130707F5A3CDD6E 32D2F42B8794EBC90632FAE31740820F 5E857A2482E54B7DA88D3FAA5A497267 55AAB09DA69ADBB72CEA063E6F42C202 99ACA8693C3B2A2E5537E380F9A64488 82CEB34910FEFCF701501B1A6A18D8DD 168628DBFAF15AAD6D9947801B5BD9FC F2A0F86F006F6DB1BB3FCE081A0C335E 29F5D371100A03B9669DAB46CA31ACB2 F38849EA |
See below |
Decrypt encrypted_answer
using the reverse of the process specified in step 6:
encrypted_answer = 0EEFF2258AE93BF6A58F79371ADA2106B20E8060256B689182EFE37C03B06C6FD90CF20FB56D6C10F699C32FEB76A8E9A044CB0AECCA053CF301D32BE85DF6DA0D286F5FC86D603EB889C2D0786DD0C137089E6D55D039D11C1EA688A88988228F367E0BA2C33E49B979D6047F252949BB19405AD4E8B5401A540A5FFD968AFF22631A3251C62970EEA1F061B48D767B0475B128C87C16E6550CA0012FBDA1C573AB663C4833DED87DB00A23DB5C6E148950DF2F409D318577F183A738EE626B530F3AB94D8802C22EDA479DBC06651B5B0E7F26E8DFD25B0439947B3838D6DEFCB01AB0CC42C7DADDDE547252209E6AD0EB7CFCF8DF658B21ABFF4A77F825A387247C477F1D2252C15EC39DE96C8BEBD92E3A0F19D22CD70DA848CD7616539BC31C2C64383CC7C32D38F7BD9C5A626D064C315B436BB689AF31178FABA6A702ED5C73D3B015D0C0045B2EED9316F415371F1DA73BECE2130C19A6021D6EA10C279D016E94C3EA4F372B4E21813239A5AB88E8401903777B1DBDFB95343FF9B535CC43F3A84CFB471C6FB4DB46C5055DF3E9B2B431325314B3E87F31D4AA20310BD80B50B0D564C1EAC02AB90AC4233D35183E852D6E9F34464DCA582D4E2E0F52CABDE34130707F5A3CDD6E32D2F42B8794EBC90632FAE31740820F5E857A2482E54B7DA88D3FAA5A49726755AAB09DA69ADBB72CEA063E6F42C20299ACA8693C3B2A2E5537E380F9A6448882CEB34910FEFCF701501B1A6A18D8DD168628DBFAF15AAD6D9947801B5BD9FCF2A0F86F006F6DB1BB3FCE081A0C335E29F5D371100A03B9669DAB46CA31ACB2F38849EA
tmp_aes_key = A778250F36205F1D35B7BAC3E0FFA72E1435191B6D2C34B2A7C5C7B4F254E75D
tmp_aes_iv = 23C60FE71C305F5760D20935ADDFA0C14E7A1EDA7E844F561DEFD4929980D475
Yielding:
answer_with_hash = 7A8E9F9FDFF9861D601DB7BA4648620E68EDA42DBA0D89B575E622F3BC7D714632B833821FD7BB0C8EC53EC050CB2D475B457BAF445B49F503000000FE000100C71CAEB9C6B1C9048E6C522F70F13F73980D40238E3E21C14934D037563D930F48198A0AA7C14058229493D22530F4DBFA336F6E0AC925139543AED44CCE7C3720FD51F69458705AC68CD4FE6B6B13ABDC9746512969328454F18FAF8C595F642477FE96BB2A941D5BCD1D4AC8CC49880708FA9B378E3C4F3A9060BEE67CF9A4A4A695811051907E162753B56B0F6B410DBA74D8A84B2A14B3144E0EF1284754FD17ED950D5965B4B9DD46582DB1178D169C6BC465B0D6FF9CA3928FEF5B9AE4E418FC15E83EBEA0F87FA9FF5EED70050DED2849F47BF959D956850CE929851F0D8115F635B105EE2E4E15D04B2454BF6F4FADF034B10403119CD8E3B92FCC5BFE0001007D1326058B21BCDB95DC376331C5B47A1275A99F8F6F8112703207DF5F1118A3727B9F9D7F2930CEB4EE373E7C9C919C10AC6570EDD02D81431BFA757AF6F6C480834E2EFDAD9FF40395801CB21E9E40307631862C0D7BB3B3B9415EFECD513CF0AB2E9A3EE2D377BE21E599269A82B74E5977FE7A6587E0BD47047422AC6D2B0829AA031E1CE00DA0B778BB1CB066B9E44BFDED0578BC1D09508A0B5AA5707F68ECED74011CAD9B44CF965376EE22B90DC6A51C0EBB0A6D48B1CC0E5548F5983610DD05676FECA4D9DA1096B308621E3EB182C57A0E9F263F0A7C2EBA6224958AF68C8FBE931B46AD58F260F01360D1CDDF4D6FB614A6A46DF3EFD09EA5589421A97268CC27A5D224EE019E
answer = BA0D89B575E622F3BC7D714632B833821FD7BB0C8EC53EC050CB2D475B457BAF445B49F503000000FE000100C71CAEB9C6B1C9048E6C522F70F13F73980D40238E3E21C14934D037563D930F48198A0AA7C14058229493D22530F4DBFA336F6E0AC925139543AED44CCE7C3720FD51F69458705AC68CD4FE6B6B13ABDC9746512969328454F18FAF8C595F642477FE96BB2A941D5BCD1D4AC8CC49880708FA9B378E3C4F3A9060BEE67CF9A4A4A695811051907E162753B56B0F6B410DBA74D8A84B2A14B3144E0EF1284754FD17ED950D5965B4B9DD46582DB1178D169C6BC465B0D6FF9CA3928FEF5B9AE4E418FC15E83EBEA0F87FA9FF5EED70050DED2849F47BF959D956850CE929851F0D8115F635B105EE2E4E15D04B2454BF6F4FADF034B10403119CD8E3B92FCC5BFE0001007D1326058B21BCDB95DC376331C5B47A1275A99F8F6F8112703207DF5F1118A3727B9F9D7F2930CEB4EE373E7C9C919C10AC6570EDD02D81431BFA757AF6F6C480834E2EFDAD9FF40395801CB21E9E40307631862C0D7BB3B3B9415EFECD513CF0AB2E9A3EE2D377BE21E599269A82B74E5977FE7A6587E0BD47047422AC6D2B0829AA031E1CE00DA0B778BB1CB066B9E44BFDED0578BC1D09508A0B5AA5707F68ECED74011CAD9B44CF965376EE22B90DC6A51C0EBB0A6D48B1CC0E5548F5983610DD05676FECA4D9DA1096B308621E3EB182C57A0E9F263F0A7C2EBA6224958AF68C8FBE931B46AD58F260F01360D1CDDF4D6FB614A6A46DF3EFD09EA5589421A97268CC27A5D224EE019E
Generated payload (excluding transport headers/trailers):
0000 | BA 0D 89 B5 75 E6 22 F3 BC 7D 71 46 32 B8 33 82
0010 | 1F D7 BB 0C 8E C5 3E C0 50 CB 2D 47 5B 45 7B AF
0020 | 44 5B 49 F5 03 00 00 00 FE 00 01 00 C7 1C AE B9
0030 | C6 B1 C9 04 8E 6C 52 2F 70 F1 3F 73 98 0D 40 23
0040 | 8E 3E 21 C1 49 34 D0 37 56 3D 93 0F 48 19 8A 0A
0050 | A7 C1 40 58 22 94 93 D2 25 30 F4 DB FA 33 6F 6E
0060 | 0A C9 25 13 95 43 AE D4 4C CE 7C 37 20 FD 51 F6
0070 | 94 58 70 5A C6 8C D4 FE 6B 6B 13 AB DC 97 46 51
0080 | 29 69 32 84 54 F1 8F AF 8C 59 5F 64 24 77 FE 96
0090 | BB 2A 94 1D 5B CD 1D 4A C8 CC 49 88 07 08 FA 9B
00A0 | 37 8E 3C 4F 3A 90 60 BE E6 7C F9 A4 A4 A6 95 81
00B0 | 10 51 90 7E 16 27 53 B5 6B 0F 6B 41 0D BA 74 D8
00C0 | A8 4B 2A 14 B3 14 4E 0E F1 28 47 54 FD 17 ED 95
00D0 | 0D 59 65 B4 B9 DD 46 58 2D B1 17 8D 16 9C 6B C4
00E0 | 65 B0 D6 FF 9C A3 92 8F EF 5B 9A E4 E4 18 FC 15
00F0 | E8 3E BE A0 F8 7F A9 FF 5E ED 70 05 0D ED 28 49
0100 | F4 7B F9 59 D9 56 85 0C E9 29 85 1F 0D 81 15 F6
0110 | 35 B1 05 EE 2E 4E 15 D0 4B 24 54 BF 6F 4F AD F0
0120 | 34 B1 04 03 11 9C D8 E3 B9 2F CC 5B FE 00 01 00
0130 | 7D 13 26 05 8B 21 BC DB 95 DC 37 63 31 C5 B4 7A
0140 | 12 75 A9 9F 8F 6F 81 12 70 32 07 DF 5F 11 18 A3
0150 | 72 7B 9F 9D 7F 29 30 CE B4 EE 37 3E 7C 9C 91 9C
0160 | 10 AC 65 70 ED D0 2D 81 43 1B FA 75 7A F6 F6 C4
0170 | 80 83 4E 2E FD AD 9F F4 03 95 80 1C B2 1E 9E 40
0180 | 30 76 31 86 2C 0D 7B B3 B3 B9 41 5E FE CD 51 3C
0190 | F0 AB 2E 9A 3E E2 D3 77 BE 21 E5 99 26 9A 82 B7
01A0 | 4E 59 77 FE 7A 65 87 E0 BD 47 04 74 22 AC 6D 2B
01B0 | 08 29 AA 03 1E 1C E0 0D A0 B7 78 BB 1C B0 66 B9
01C0 | E4 4B FD ED 05 78 BC 1D 09 50 8A 0B 5A A5 70 7F
01D0 | 68 EC ED 74 01 1C AD 9B 44 CF 96 53 76 EE 22 B9
01E0 | 0D C6 A5 1C 0E BB 0A 6D 48 B1 CC 0E 55 48 F5 98
01F0 | 36 10 DD 05 67 6F EC A4 D9 DA 10 96 B3 08 62 1E
0200 | 3E B1 82 C5 7A 0E 9F 26 3F 0A 7C 2E BA 62 24 95
0210 | 8A F6 8C 8F BE 93 1B 46 AD 58 F2 60 F0 13 60 D1
0220 | CD DF 4D 6F B6 14 A6 A4 6D F3 EF D0 9E A5 58 94
0230 | 21 A9 72 68
Payload (de)serialization:
server_DH_inner_data#b5890dba nonce:int128 server_nonce:int128 g:int dh_prime:string g_a:string server_time:int = Server_DH_inner_data;
Parameter | Offset, Length in bytes | Value | Description |
---|---|---|---|
%(server_DH_inner_data) | 0, 4 | ba0d89b5 |
server_DH_inner_data constructor number from TL schema |
nonce | 4, 16 | 75E622F3BC7D714632B833821FD7BB0C |
Value generated by client in Step 1 |
server_nonce | 20, 16 | 8EC53EC050CB2D475B457BAF445B49F5 |
Value received from server in Step 2 |
g | 36, 4 | 03000000 (3 in decimal) |
Value received from server in Step 2 |
dh_prime | 40, 260 | FE000100C71CAEB9C6B1C9048E6C522F 70F13F73980D40238E3E21C14934D037 563D930F48198A0AA7C14058229493D2 2530F4DBFA336F6E0AC925139543AED4 4CCE7C3720FD51F69458705AC68CD4FE 6B6B13ABDC9746512969328454F18FAF 8C595F642477FE96BB2A941D5BCD1D4A C8CC49880708FA9B378E3C4F3A9060BE E67CF9A4A4A695811051907E162753B5 6B0F6B410DBA74D8A84B2A14B3144E0E F1284754FD17ED950D5965B4B9DD4658 2DB1178D169C6BC465B0D6FF9CA3928F EF5B9AE4E418FC15E83EBEA0F87FA9FF 5EED70050DED2849F47BF959D956850C E929851F0D8115F635B105EE2E4E15D0 4B2454BF6F4FADF034B10403119CD8E3 B92FCC5B |
2048-bit prime, in big-endian byte order, to be checked as specified in the auth key docs |
g_a | 300, 260 | FE0001007D1326058B21BCDB95DC3763 31C5B47A1275A99F8F6F8112703207DF 5F1118A3727B9F9D7F2930CEB4EE373E 7C9C919C10AC6570EDD02D81431BFA75 7AF6F6C480834E2EFDAD9FF40395801C B21E9E40307631862C0D7BB3B3B9415E FECD513CF0AB2E9A3EE2D377BE21E599 269A82B74E5977FE7A6587E0BD470474 22AC6D2B0829AA031E1CE00DA0B778BB 1CB066B9E44BFDED0578BC1D09508A0B 5AA5707F68ECED74011CAD9B44CF9653 76EE22B90DC6A51C0EBB0A6D48B1CC0E 5548F5983610DD05676FECA4D9DA1096 B308621E3EB182C57A0E9F263F0A7C2E BA6224958AF68C8FBE931B46AD58F260 F01360D1CDDF4D6FB614A6A46DF3EFD0 9EA55894 |
g_a diffie-hellman parameter |
server_time | 560, 4 | 21A97268 (1752344865 in decimal) |
Server time |
First, generate a secure random 2048-bit number b:
b = 26D1249FAA87403379951DF6ABEB262F4D2A6BC4B59655FDE2275B9851CC4722F631EF29FCFDE3F1C72F0282DBD36E4A45CEB6D64BADCCC26FAE3529B78A7E8067698CD5812EB47613EC562C09F6698293214ED0268CD8A87218336F338BEA9AB72056AA0CAC9B52CD7D96EDF851923C53276567F3AEEBB83081897B1EE57A0F2EDFD0E1FC70EE3050D285574AFE6B64F482A884A3A8D5ABA71FBD10BC0A59B5E15E0A58F17D7E85417BD730B29B817402035FFD329EB292820012E36F01852B59A1640BB739310BB408E0FBC30F6B00AA93D261EDC7BEAB61F6CDBE645E5E58D74EA8856010418F66AB0C60E30093A4EA75019654C70CE024ABC4102EEF47A2
Then compute g_b = pow(g, b) mod dh_prime
g_b = 2DDFD3127F3027E815116B580669DC0A4B1B104CCCF97A0460E9AF7617DC7A571ECDF0FA98545C0309E53FF99C34B5DA33363A4270E9BEF97BB6D207CA639EE609B499A708A97E2F2440C7770FF902C165C14641A1340F835CEC5096F231755042C06E8E5A01F65A0CDB3294C7AC2DFF29B8E9331CC80B87B4F9824252BA12AA8BBD645D923C55AB18392DAE57A80BD6626093FD229DF0BC6C7312FBC7B2651267BA6F6DA04F47376E92EA451C702618A3B22897FD7066B211C7B3967027AF5E9FC9E003F1F558E574E0BEB154DC059321DC21D85AE136E046962FE6C1D8EC8B35845AB133D90F9FF73C112508DD660AAAE1BA1B235039C966CD40B19C0885C8
Generated payload (excluding transport headers/trailers):
0000 | 54 B6 43 66 75 E6 22 F3 BC 7D 71 46 32 B8 33 82
0010 | 1F D7 BB 0C 8E C5 3E C0 50 CB 2D 47 5B 45 7B AF
0020 | 44 5B 49 F5 00 00 00 00 00 00 00 00 FE 00 01 00
0030 | 2D DF D3 12 7F 30 27 E8 15 11 6B 58 06 69 DC 0A
0040 | 4B 1B 10 4C CC F9 7A 04 60 E9 AF 76 17 DC 7A 57
0050 | 1E CD F0 FA 98 54 5C 03 09 E5 3F F9 9C 34 B5 DA
0060 | 33 36 3A 42 70 E9 BE F9 7B B6 D2 07 CA 63 9E E6
0070 | 09 B4 99 A7 08 A9 7E 2F 24 40 C7 77 0F F9 02 C1
0080 | 65 C1 46 41 A1 34 0F 83 5C EC 50 96 F2 31 75 50
0090 | 42 C0 6E 8E 5A 01 F6 5A 0C DB 32 94 C7 AC 2D FF
00A0 | 29 B8 E9 33 1C C8 0B 87 B4 F9 82 42 52 BA 12 AA
00B0 | 8B BD 64 5D 92 3C 55 AB 18 39 2D AE 57 A8 0B D6
00C0 | 62 60 93 FD 22 9D F0 BC 6C 73 12 FB C7 B2 65 12
00D0 | 67 BA 6F 6D A0 4F 47 37 6E 92 EA 45 1C 70 26 18
00E0 | A3 B2 28 97 FD 70 66 B2 11 C7 B3 96 70 27 AF 5E
00F0 | 9F C9 E0 03 F1 F5 58 E5 74 E0 BE B1 54 DC 05 93
0100 | 21 DC 21 D8 5A E1 36 E0 46 96 2F E6 C1 D8 EC 8B
0110 | 35 84 5A B1 33 D9 0F 9F F7 3C 11 25 08 DD 66 0A
0120 | AA E1 BA 1B 23 50 39 C9 66 CD 40 B1 9C 08 85 C8
Payload (de)serialization:
client_DH_inner_data#6643b654 nonce:int128 server_nonce:int128 retry_id:long g_b:string = Client_DH_Inner_Data;
Parameter | Offset, Length in bytes | Value | Description |
---|---|---|---|
%(client_DH_inner_data) | 0, 4 | 54b64366 |
client_DH_inner_data constructor number from TL schema |
nonce | 4, 16 | 75E622F3BC7D714632B833821FD7BB0C |
Value generated by client in Step 1 |
server_nonce | 20, 16 | 8EC53EC050CB2D475B457BAF445B49F5 |
Value received from server in Step 2 |
g_b | 36, 260 | FE0001002DDFD3127F3027E815116B58 0669DC0A4B1B104CCCF97A0460E9AF76 17DC7A571ECDF0FA98545C0309E53FF9 9C34B5DA33363A4270E9BEF97BB6D207 CA639EE609B499A708A97E2F2440C777 0FF902C165C14641A1340F835CEC5096 F231755042C06E8E5A01F65A0CDB3294 C7AC2DFF29B8E9331CC80B87B4F98242 52BA12AA8BBD645D923C55AB18392DAE 57A80BD6626093FD229DF0BC6C7312FB C7B2651267BA6F6DA04F47376E92EA45 1C702618A3B22897FD7066B211C7B396 7027AF5E9FC9E003F1F558E574E0BEB1 54DC059321DC21D85AE136E046962FE6 C1D8EC8B35845AB133D90F9FF73C1125 08DD660AAAE1BA1B235039C966CD40B1 9C0885C8 |
Single-byte prefix denoting length, a 256-byte (2048-bit) string, and zero bytes of padding |
retry_id | 296, 8 | 0000000000000000 |
Equal to zero at the time of the first attempt; otherwise, it is equal to auth_key_aux_hash from the previous failed attempt (see Item 7). |
The serialization of Client_DH_Inner_Data produces a string data. This is used to generate encrypted_data as specified in step 6, using the following inputs:
data = 54B6436675E622F3BC7D714632B833821FD7BB0C8EC53EC050CB2D475B457BAF445B49F50000000000000000FE0001002DDFD3127F3027E815116B580669DC0A4B1B104CCCF97A0460E9AF7617DC7A571ECDF0FA98545C0309E53FF99C34B5DA33363A4270E9BEF97BB6D207CA639EE609B499A708A97E2F2440C7770FF902C165C14641A1340F835CEC5096F231755042C06E8E5A01F65A0CDB3294C7AC2DFF29B8E9331CC80B87B4F9824252BA12AA8BBD645D923C55AB18392DAE57A80BD6626093FD229DF0BC6C7312FBC7B2651267BA6F6DA04F47376E92EA451C702618A3B22897FD7066B211C7B3967027AF5E9FC9E003F1F558E574E0BEB154DC059321DC21D85AE136E046962FE6C1D8EC8B35845AB133D90F9FF73C112508DD660AAAE1BA1B235039C966CD40B19C0885C8
padding = 30E1F5763705C068F13EF090
tmp_aes_key = A778250F36205F1D35B7BAC3E0FFA72E1435191B6D2C34B2A7C5C7B4F254E75D
tmp_aes_iv = 23C60FE71C305F5760D20935ADDFA0C14E7A1EDA7E844F561DEFD4929980D475
Process:
data_with_hash := SHA1(data) + data + padding (0-15 random bytes such that total length is divisible by 16)
encrypted_data := AES256_ige_encrypt (data_with_hash, tmp_aes_key, tmp_aes_iv);
Output:
encrypted_data = BCDB4AA96F0AA9061B0F831D64A6955BC3AC837416462721DDAA16E4D7D3DCE6DC5C3DE1A16F880012D7D6030B73629DD2B3F08F983B2F0D5F94AC041053DDAAA67A8A8DC8C12C61595C8A1F86F45E78552021143BD9DE8ECAA4DC5B9D635721E2581506C1D1A80D662FC782B686702CA644E7173EE38F98875B7B5EADBE44D6FD1E3D0FDB54B44E31CB249F5CC75308DD0B10E434B74D5613BA1E4FBA7C3A3F867BBEE466FE2B29E7DE20151EAA65502E664CF6F1ABFEE1649DCEE6C61A77068D38F8C6814FCE8AF0690A0D6DA3AE7AC04D17D32669331F3884DCADF151CF0C9A125D19520DBA6C81F229687A63832448A5C36B51F5CC2C3208C12655C1802BA0EC367B2C7E1D126F72773D51C9E3F43EE8C3F05E46A038B1A2DD5BC66E853688B15CAEEA69B6FC2D6D02CA5C9BA78F8A14181A27B9BDA47E546F49DB94835841BEF6A7D7C4B70A34BD8FEE25619A15
The length of the final string is 336 bytes.
Sent payload (excluding transport headers/trailers):
0000 | 00 00 00 00 00 00 00 00 E8 D1 0C 00 21 A9 72 68
0010 | 78 01 00 00 1F 5F 04 F5 75 E6 22 F3 BC 7D 71 46
0020 | 32 B8 33 82 1F D7 BB 0C 8E C5 3E C0 50 CB 2D 47
0030 | 5B 45 7B AF 44 5B 49 F5 FE 50 01 00 BC DB 4A A9
0040 | 6F 0A A9 06 1B 0F 83 1D 64 A6 95 5B C3 AC 83 74
0050 | 16 46 27 21 DD AA 16 E4 D7 D3 DC E6 DC 5C 3D E1
0060 | A1 6F 88 00 12 D7 D6 03 0B 73 62 9D D2 B3 F0 8F
0070 | 98 3B 2F 0D 5F 94 AC 04 10 53 DD AA A6 7A 8A 8D
0080 | C8 C1 2C 61 59 5C 8A 1F 86 F4 5E 78 55 20 21 14
0090 | 3B D9 DE 8E CA A4 DC 5B 9D 63 57 21 E2 58 15 06
00A0 | C1 D1 A8 0D 66 2F C7 82 B6 86 70 2C A6 44 E7 17
00B0 | 3E E3 8F 98 87 5B 7B 5E AD BE 44 D6 FD 1E 3D 0F
00C0 | DB 54 B4 4E 31 CB 24 9F 5C C7 53 08 DD 0B 10 E4
00D0 | 34 B7 4D 56 13 BA 1E 4F BA 7C 3A 3F 86 7B BE E4
00E0 | 66 FE 2B 29 E7 DE 20 15 1E AA 65 50 2E 66 4C F6
00F0 | F1 AB FE E1 64 9D CE E6 C6 1A 77 06 8D 38 F8 C6
0100 | 81 4F CE 8A F0 69 0A 0D 6D A3 AE 7A C0 4D 17 D3
0110 | 26 69 33 1F 38 84 DC AD F1 51 CF 0C 9A 12 5D 19
0120 | 52 0D BA 6C 81 F2 29 68 7A 63 83 24 48 A5 C3 6B
0130 | 51 F5 CC 2C 32 08 C1 26 55 C1 80 2B A0 EC 36 7B
0140 | 2C 7E 1D 12 6F 72 77 3D 51 C9 E3 F4 3E E8 C3 F0
0150 | 5E 46 A0 38 B1 A2 DD 5B C6 6E 85 36 88 B1 5C AE
0160 | EA 69 B6 FC 2D 6D 02 CA 5C 9B A7 8F 8A 14 18 1A
0170 | 27 B9 BD A4 7E 54 6F 49 DB 94 83 58 41 BE F6 A7
0180 | D7 C4 B7 0A 34 BD 8F EE 25 61 9A 15
Payload (de)serialization:
set_client_DH_params#f5045f1f nonce:int128 server_nonce:int128 encrypted_data:string = Set_client_DH_params_answer;
Parameter | Offset, Length in bytes | Value | Description |
---|---|---|---|
auth_key_id | 0, 8 | 0000000000000000 |
0 since the message is in plain text |
message_id | 8, 8 | E8D10C0021A97268 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) |
message_length | 16, 4 | 78010000 (376 in decimal) |
Message body length |
%(set_client_DH_params) | 20, 4 | 1f5f04f5 |
set_client_DH_params constructor number from TL schema |
nonce | 24, 16 | 75E622F3BC7D714632B833821FD7BB0C |
Value generated by client in Step 1 |
server_nonce | 40, 16 | 8EC53EC050CB2D475B457BAF445B49F5 |
Value received from server in Step 2 |
encrypted_data | 56, 340 | FE500100BCDB4AA96F0AA9061B0F831D 64A6955BC3AC837416462721DDAA16E4 D7D3DCE6DC5C3DE1A16F880012D7D603 0B73629DD2B3F08F983B2F0D5F94AC04 1053DDAAA67A8A8DC8C12C61595C8A1F 86F45E78552021143BD9DE8ECAA4DC5B 9D635721E2581506C1D1A80D662FC782 B686702CA644E7173EE38F98875B7B5E ADBE44D6FD1E3D0FDB54B44E31CB249F 5CC75308DD0B10E434B74D5613BA1E4F BA7C3A3F867BBEE466FE2B29E7DE2015 1EAA65502E664CF6F1ABFEE1649DCEE6 C61A77068D38F8C6814FCE8AF0690A0D 6DA3AE7AC04D17D32669331F3884DCAD F151CF0C9A125D19520DBA6C81F22968 7A63832448A5C36B51F5CC2C3208C126 55C1802BA0EC367B2C7E1D126F72773D 51C9E3F43EE8C3F05E46A038B1A2DD5B C66E853688B15CAEEA69B6FC2D6D02CA 5C9BA78F8A14181A27B9BDA47E546F49 DB94835841BEF6A7D7C4B70A34BD8FEE 25619A15 |
Encrypted client_DH_inner_data generated previously, serialized as a TL byte string |
The client computes the auth_key using formula g_a^b mod dh_prime
:
auth_key = 3EA4F4C36CEF29D4A96ACAA74C1CE1C36CCAB5BC275FFCBB345E58F8EDEA888E20CB36721C6006801F6059462AE5994FB37AFEEC208F798FAF71BE00108B564283119AD26B8256BC4BF673E250256AF1B8BBE9950488BDBDC8FF39B04294FA5E3ECE61075F662C9B23C8838B9111090ED035597878E9A50C2FE3FFB6A0869877D0304EE6CBE7B1DDF57304A326A1FA3DC8E024C476D1EEF60977ED46CDC34557AFDE09BBA2B29DB850331BEB26608332EBB7533E23324C45CA973874619E42E6A5799AEC48E13C7BB09D8CE6527D232A4F1EDC99B87886934B26048C22B7FC6D61140BC15660AC1F1EBBE14FED805F2C4B7C7605FE465CC16CDE6FAE2603DB1C
The server verifies and confirms that auth_key_hash is unique: since it's unique, it replies with the following:
Received payload (excluding transport headers/trailers):
0000 | 00 00 00 00 00 00 00 00 01 54 C4 A1 22 A9 72 68
0010 | 34 00 00 00 34 F7 CB 3B 75 E6 22 F3 BC 7D 71 46
0020 | 32 B8 33 82 1F D7 BB 0C 8E C5 3E C0 50 CB 2D 47
0030 | 5B 45 7B AF 44 5B 49 F5 9C C1 B8 00 4E 5E 07 A0
0040 | E1 5B 6E 0F D7 FF 61 17
Payload (de)serialization:
dh_gen_ok#3bcbf734 nonce:int128 server_nonce:int128 new_nonce_hash1:int128 = Set_client_DH_params_answer;
Parameter | Offset, Length in bytes | Value | Description |
---|---|---|---|
auth_key_id | 0, 8 | 0000000000000000 |
0 since the message is in plain text |
message_id | 8, 8 | 0154C4A122A97268 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) |
message_length | 16, 4 | 34000000 (52 in decimal) |
Message body length |
%(dh_gen_ok) | 20, 4 | 34f7cb3b |
dh_gen_ok constructor number from TL schema |
nonce | 24, 16 | 75E622F3BC7D714632B833821FD7BB0C |
Value generated by client in Step 1 |
server_nonce | 40, 16 | 8EC53EC050CB2D475B457BAF445B49F5 |
Value received from server in Step 2 |
new_nonce_hash1 | 56, 16 | 9CC1B8004E5E07A0E15B6E0FD7FF6117 |
The 128 lower-order bits of SHA1 of the byte string derived from the new_nonce string by adding a single byte with the value of 1, 2, or 3, and followed by another 8 bytes with auth_key_aux_hash . Different values are required to prevent an intruder from changing server response dh_gen_ok into dh_gen_retry. |