Sample Three-Phase Exchange Protocol
To generate an authenticated and encrypted connection between two parties on a nonsecure network, the parties can exchange a set of messages that negotiate a pair of encryption keys. One key is used by the "sender" to encrypt messages and the other is used by the "receiver." This protocol ensures that both parties are currently active and are sending messages directly to each other. In other words, this protocol prevents "replay" and "man-in-the-middle" attacks.
Note This section assumes that both parties involved already possess their own set of public/private key pairs and that they have also obtained each other's public keys.
It is further assumed that the parties have already exchanged human-readable user names. This is generally done at the same time the public keys are exchanged, since the user name is included as part of each certificate. When necessary, the public key data can be used as the user name, although this is not recommended. All that really matters, though, is that each party's user name be tightly bound to their public key and that both parties agree on what their respective user names are.