 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Java Forum / Security / January 2004DHParameterSpec ignored by KeyAgreement ?
I am attempting to generate a shared Secret Key via the Diffie-Hellman KeyAgreement protocol, using the IBMJCE on WSAD 4.0. It appears that KeyAgreement is ignoring my DHParameterSpec, since the Secret Key generated is the same whether I pass a null or a DHParameterSpec to the KeyAgreement instance: KeyAgreement keyAgree = KeyAgreement.getInstance("DH", "IBMJCE"); KeyAgreement keyAgree2 = KeyAgreement.getInstance("DH", "IBMJCE"); //initialize it w/ the private key, and shared params. keyAgree.init(myPrivateKey, dhParameters); // or initialize it w/ a null param spec. keyAgree2.init(myPrivateKey, (DHParameterSpec)null); // process public key keyAgree.doPhase(yourPublicKey, true); keyAgree2.doPhase(yourPublicKey, true); SecretKey sKey = keyAgree.generateSecret(); SecretKey sKey2 = keyAgree2.generateSecret(); // the following outputs two identical lines of text: // the key generated from the shared params System.out.println("Computed Shared Secret: " + new BigInteger(sKey).toString(16)); // the key from the null params System.out.println("Computed Shared Secret: " + new BigInteger(sKey2).toString(16)); Is it possible that there is a problem w/ the DHParameterSpec I am instantiating? The parameter values printed are as follows : P = (prime modulus omitted for brevity) P.length in bits = 1024 L = 0 G = 5 Thanks in advance for your help. > I am attempting to generate a shared Secret Key via the Diffie-Hellman > KeyAgreement protocol, using the IBMJCE on WSAD 4.0. [quoted text clipped - 11 lines] > // or initialize it w/ a null param spec. > keyAgree2.init(myPrivateKey, (DHParameterSpec)null); Are you sure the parameters are not implicit in myPrivateKey? > > // process public key [quoted text clipped - 9 lines] > System.out.println("Computed Shared Secret: " + new > BigInteger(sKey).toString(16)); Which BigInteger constructor are you using? My documentation may be out of date. It doesn't show a BigInteger(SecretKey) constructor. > > // the key from the null params [quoted text clipped - 10 lines] > L = 0 > G = 5 How does the sKey's value compare with the expected value (yourPublicKey**myPrivateKey) mod P? --Mike Amling Thanks for your speedy reply. I think you are correct that the parameters are implied in the DHPublicKeySpec object, as P and G are passed in on the constructor. Also, I am passing the SecretKey as a byte array to the BigInteger -- sorry for the confusion. I am still not getting the expected result however. I am using test data, including both keypairs, the dh params, and the expected secret key, provided by a 3rd party; I consistantly fail to compute the expected secret key. I do, however, get the same key whether I use myPublic/yourPrivate or yourPublic/myPrivate. The secret key I come up with is always negative. Is this a legal value? Is it perhaps a clue? The test you suggest below fails w/ an exception: BigInteger expectedS = yourPub.modPow(myPri, modP); java.lang.ArithmeticException: BigInteger: modulus not positive Another clue, maybe? Is the test derived from PKCS #3: Diffie-Hellman Key-Agreement Standard, section 8.2 "Exponentiation"? (ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-3.asc) z = (y')^x mod p, 0 < z < p Thanks very much for your help. --Dave > > I am attempting to generate a shared Secret Key via the Diffie-Hellman > > KeyAgreement protocol, using the IBMJCE on WSAD 4.0. > > > > It appears that KeyAgreement is ignoring my DHParameterSpec, since the > > Secret Key generated is the same whether I pass a null or a > > DHParameterSpec to the KeyAgreement instance: [quoted text clipped - 46 lines] > > --Mike Amling > Thanks for your speedy reply. > [quoted text clipped - 21 lines] > > Another clue, maybe? What constructor are you using to get myPri, modP, etc.? BigInteger(byte[]) takes the sign from the first bit of the byte array, which is not what you want. Use BigInteger(1, byte[]) to ensure the byte array is treated as a positive number. > Is the test derived from PKCS #3: Diffie-Hellman Key-Agreement > Standard, section 8.2 "Exponentiation"? > (ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-3.asc) > > z = (y')^x mod p, 0 < z < p I'm not quite sure what you're asking. When x is one party's private key, y' is the other party's public key, p is their common prime modulus, then z is their DH shared secret. (Note that z should not be used directly as a cryptographic key for subsequent symmetric encryption or authentication. It should be hashed, to produce a key that has no arithmetic properties.) --Mike Amling Thank you so much for your help -- the BigInteger constructor was indeed the problem! re using a hash of the secret key, yes, that is what we are doing. Cheers! --Dave hoyt > > Thanks for your speedy reply. > > [quoted text clipped - 41 lines] > > --Mike Amling Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.