On 16 March 2013 18:00, azhar jodatti <azhar...@gmail.com> wrote:

>
> Thompson,
>
> Really, thanks for the reply. I appreciate your time.
>
> Yes, it was JCE and not JCF. It was a typo :)
>
> I am working on an application which has Android and iPhone clients. Both
> clients talk to my server, which is written in Java. I am using the JCE
> implementation of the DH algorithm and X509EncodedKeySpec for generating
> the public and private keys. Code below:
>
>         X509EncodedKeySpec x509Spec = new X509EncodedKeySpec(this.clientPublicKey);
>         PublicKey pk = kf.generatePublic(x509Spec);
>
> For the Android client I am using the same JCE implementation of the DH
> algorithm and it works fine with my server.
>
> For the iPhone client I wrote a C program which makes use of the OpenSSL
> implementation of the DH algorithm. The problem I am facing is that when I
> generate DH params (prime, generator, public key) at the client and pass
> them to the server to calculate the server's public and secret key, my
> server (Java) throws an invalidKeySpecification exception. Below are the steps.
>
> Client in C
> 1. I am generating DH parameters (prime,generator)
>      //client is DH *client.
>      //also tried with 1024 bits and DH_GENERATOR_5
>      DH_generate_parameters_ex(client,512,DH_GENERATOR_2,NULL);
> 2. then generating DH public and private key
>      DH_generate_key(client)
> When I pass these generated keys (prime, generator, public key) to the
> server, which is written in Java, it won't work. The server (Java) throws
> an invalidKeySpecification exception.
>

Is there any particular reason why you are using the low-level interface
for this? Typically, using the high-level EVP interface is preferred.

See:
http://www.openssl.org/docs/crypto/EVP_PKEY_derive.html

To generate parameters:

/* Create the context for generating the parameters */
if(!(pctx = EVP_PKEY_CTX_new_id(type, NULL))) goto err;
/* These calls return 1 on success and 0 or a negative value on error */
if(EVP_PKEY_paramgen_init(pctx) <= 0) goto err;

/* Set a prime length of 2048 */
if(EVP_PKEY_CTX_set_dh_paramgen_prime_len(pctx, 2048) <= 0) goto err;

/* Generate parameters */
if(EVP_PKEY_paramgen(pctx, &params) <= 0) goto err;

To generate keys:

/* Create the key generation context from the parameters */
if(!(kctx = EVP_PKEY_CTX_new(params, NULL))) goto err;
if(EVP_PKEY_keygen_init(kctx) <= 0) goto err;

/* Generate the key */
if(EVP_PKEY_keygen(kctx, &key) <= 0) goto err;

To get the parameters afterwards you can use:

DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey);


So, how are you transmitting the parameters and public keys between the
Java and C?

Matt
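
Java's X509EncodedKeySpec takes a DER-encoded SubjectPublicKeyInfo rather than bare bignum bytes, so the wire format asked about above decides whether generatePublic() can parse what the client sends. The following is an added example, not code from either poster: a Python sketch that builds that structure for a PKCS#3 DH key from a raw prime, generator and public value. The function names and the toy values are constructed for illustration.

```python
"""Added example: DER SubjectPublicKeyInfo for a PKCS#3 Diffie-Hellman key."""

# dhKeyAgreement (1.2.840.113549.1.3.1), already DER-encoded as an OID
DH_OID = bytes.fromhex("06092a864886f70d010301")


def der_tlv(tag: int, content: bytes) -> bytes:
    """Tag, definite length (short or long form), then content."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content


def der_integer(value: int) -> bytes:
    """Non-negative INTEGER in minimal form.

    The extra 0x00 byte appears only when the top bit is set, so the
    value is not read back as negative.
    """
    if value < 0:
        raise ValueError("DH values are non-negative")
    return der_tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))


def dh_spki(p: int, g: int, y: int) -> bytes:
    """SEQUENCE { SEQUENCE { OID, SEQUENCE { p, g } }, BIT STRING { INTEGER y } }"""
    if not 1 < y < p - 1:
        raise ValueError("public value must lie in 2..p-2")
    params = der_tlv(0x30, der_integer(p) + der_integer(g))
    algorithm = der_tlv(0x30, DH_OID + params)
    # BIT STRING: one "unused bits" byte (0), then the DER INTEGER y
    public = der_tlv(0x03, b"\x00" + der_integer(y))
    return der_tlv(0x30, algorithm + public)


if __name__ == "__main__":
    # Constructed toy group, far too small for real use: p=23, g=5, y=5^6 mod 23
    p, g, y = 23, 5, pow(5, 6, 23)
    raw = y.to_bytes(1, "big")        # bare magnitude, as BN_bn2bin() would give
    print("raw public value:", raw.hex())
    print("SubjectPublicKeyInfo:", dh_spki(p, g, y).hex())
```

On the OpenSSL side, i2d_PUBKEY() on the EVP_PKEY emits this same SubjectPublicKeyInfo structure.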
