RSA encryption handshake

4096 bit RSA encrypted handshake – what does this mean?

It sounds technical,

but once you understand the ‘computer speak’, 4096 bit RSA encrypted handshake is telling you how your computer and the VPN system are connecting to each other and will maintain your privacy.

When you log on, you need two things: confidential communication and authentication of who/what you are connecting to. The systems need to establish trust with each other, and they do this during the initial contact – via the handshake.

The handshake is deliberately complex, and the 4096 bit RSA encrypted handshake uses long numerical keys (4096 bit) and incorporates two methods. One is the RSA handshake to establish authentication, and the other is the Diffie Hellman handshake to establish the keys used for confidentiality.

After the handshake is complete, a symmetric cipher is used to encrypt the data – IE AES or GCM in this case


But back to the handshake.

There are two types of keys used in the handshake: public keys and private keys. The keys are needed to encrypt and decrypt the data.

Very simply, during this handshake, public keys are sent out into the internet and are shared or swapped. Websites use public keys as part of their authentication process.

Once the authentication process is completed, a unique private key is generated by the two parties, exclusively for that session, each sending their own separate parameters, ensuring neither have access to the entire equation, yet they both end up with a copy of the key.

Private keys create the confidentiality.


Two types of encryption are used – symmetric and asymmetric.

Symmetric encryption uses the same key for encryption and decryption.

Asymmetric uses two keys – the public and private ones mentioned above. As you would expect, this is more secure due to the complication of using both types of keys.

The 4096 bit RSA encrypted handshake in this instance refers to using the RSA handshake with one algorithm for key establishment, creating both public and private keys, plus the Diffie Hellman method to produce keys – again, both public and private.

This handshake exchanges public keys and generates unique keys to ensure confidentiality and authentication using asymmetric encryption.


The Diffie Hellman key exchange method

is a way of two parties generating a shared secret – in our case the unique key – without others knowing about it or being able to find out about it.

No one can figure out the unique key, no one can analyze the data sent using it at a later date, because these keys are never saved, never transmitted to the other and never made public.

This means the method is done independently of the server’s private key, which then allows for what is known as forward secrecy.

Forward secrecy protects any digital conversation from being exposed, even if the private key is somehow obtained at a later date.

Depending upon your CPU, the 4096 bit RSA handshake can initially reduce the CPU capacity, but this only happens when you log on because the authentication is asymmetrical encryption.  Once the connection is established, the data is sent back and forth symmetrically and doesn’t impact the CPU any further.