>From: owner-openssl-us...@openssl.org On Behalf Of azhar jodatti
>Sent: Wednesday, 20 March, 2013 15:21
>On Wed, Mar 20, 2013 at 5:12 PM, Matt Caswell <fr...@baggins.org> wrote:
> On 20 March 2013 11:25, azhar jodatti <azhar...@gmail.com> wrote:
> > byte[] bobPubKeyEnc = bobKpair.getPublic().getEncoded();
> This is providing an encoded form of the public key, whereas your code
> is expecting it as an integer. Use the following instead:
> DHPublicKey dhpubkey = (DHPublicKey)(bobKpair.getPublic());
> BigInteger bobPubKeyInt = dhpubkey.getY();

To be exact, PublicKey.getEncoded() is returning the X509 encoding of the parameters AND public value (y), which is why it looks huge. Matt's correction correctly gets y separately, as a number.

>One more query :).
>After generating secret key :
>byte[] bobSharedSecret = bobKeyAgree.generateSecret();
>//this generates secret key. Note : this key matches with C client secret key :)

Actually that's the shared secret, as your name says. Using the shared secret directly as a secret key is the naive 1970's version often shown in textbooks, but (most?) real protocols and standards interpose a key derivation step.

Also this is a good place to note that unauthenticated DH key agreement is insecure against an active attacker. Look for Ross Anderson's paper "Mind your p's and q's".

>I am doing below stuff in JAVA :
> SecretKeyFactory skf = SecretKeyFactory.getInstance("DES");
> DESKeySpec desSpec = new DESKeySpec(bobSharedSecret);
> this.secretKey = skf.generateSecret(desSpec);

If you don't care about DES specifics (see below) you can use SecretKeySpec with algorithm=DES and it implements interface Key so you can pass it to Cipher.init without going through a factory.

>What is the equivalent of this in C?

*openssl* doesn't require magic data types like Java does, but does require that a DES key be "scheduled" or "expanded" before actual encrypt/decrypt.
You can do this with the encrypt/decrypt call, or (once) in advance like:
    DES_key_schedule des_k;
    DES_set_key[_checked/_unchecked] ((void*)secretkeyvalue, &des_k);
See man -3ssl des
(For other crypto libraries in C, answer is different.)

But note classic single DES is fallen for about 10 years. Are you using a textbook from 1990 or something?

>this.secretKey is an object of javax.crypto.SecretKey which
>I am using for symmetric encryption like this
> byte[] utf8 = plaintext.getBytes("UTF8");
> Cipher c = Cipher.getInstance("DES");
> c.init(Cipher.ENCRYPT_MODE, this.secretKey);
> byte[] encryptedText = c.doFinal(utf8);
> return new sun.misc.BASE64Encoder().encode(encryptedText);

With the usual providers "DES" is really "DES/CBC/PKCS5Padding", and it would be clearer to be explicit. I thought that CBC with no IV specified uses a random IV, which you would need to transmit, but on testing apparently it uses zeros, which in general is bad but if you are using nonce DEKs it is tolerable.
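
Added example, not part of the original message and not code from the posters or the OpenSSL project: the key derivation step between the DH shared secret and the cipher key, followed by a cipher call with an explicit transformation and an explicit IV, in Java. HKDF-SHA256 (RFC 5869) and AES-GCM are choices made for this example (the thread uses DES and names no KDF); the class name, salt, info label and plaintext are constructed.

```java
import javax.crypto.*;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

public class DhKdfExample { // hypothetical class name
    // HKDF-SHA256 (RFC 5869) with one expand block: enough for keys up to 32 bytes.
    static byte[] hkdf(byte[] secret, byte[] salt, byte[] info, int len) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(salt, "HmacSHA256"));
        byte[] prk = mac.doFinal(secret);               // extract
        mac.init(new SecretKeySpec(prk, "HmacSHA256"));
        mac.update(info);
        mac.update((byte) 1);                           // expand: T(1) = HMAC(prk, info || 0x01)
        return Arrays.copyOf(mac.doFinal(), len);
    }

    static byte[] agree(PrivateKey mine, PublicKey theirs) throws GeneralSecurityException {
        KeyAgreement ka = KeyAgreement.getInstance("DH");
        ka.init(mine);
        ka.doPhase(theirs, true);
        return ka.generateSecret();                     // raw shared secret, not yet a key
    }

    public static void main(String[] args) throws Exception {
        // Both parties in one process; over a network the public values must be authenticated.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
        kpg.initialize(2048);
        KeyPair alice = kpg.generateKeyPair();
        kpg.initialize(((DHPublicKey) alice.getPublic()).getParams());
        KeyPair bob = kpg.generateKeyPair();

        byte[] salt = new byte[32];                     // constructed: all-zero salt
        byte[] info = "example session key".getBytes(StandardCharsets.UTF_8); // constructed label
        SecretKey kBob = new SecretKeySpec(hkdf(agree(bob.getPrivate(), alice.getPublic()), salt, info, 16), "AES");
        SecretKey kAlice = new SecretKeySpec(hkdf(agree(alice.getPrivate(), bob.getPublic()), salt, info, 16), "AES");

        byte[] iv = new byte[12];                       // fresh random IV per message, sent with the ciphertext
        new SecureRandom().nextBytes(iv);
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding"); // explicit transformation, no provider defaults
        enc.init(Cipher.ENCRYPT_MODE, kBob, new GCMParameterSpec(128, iv));
        byte[] ct = enc.doFinal("constructed plaintext".getBytes(StandardCharsets.UTF_8));
        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, kAlice, new GCMParameterSpec(128, iv));
        System.out.println(new String(dec.doFinal(ct), StandardCharsets.UTF_8));
    }
}
```

A C peer would have to run the same derivation with the same salt and info over its own copy of the shared secret to arrive at the same key.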