On 30 November 2013 18:52, cvishnuid <cvishn...@gmail.com> wrote:
> I am a newbie to OpenSSL. I already have an application where server and
> client are using OpenSSL libraries for Diffie-Hellman encryption. I wanna
> convert the server completely to C#.

It is not clear from your question whether you are planning to use openssl
C# language bindings in your converted application (I believe these exist
but have never used them and can't comment as to how good they are), or
whether you are planning to use some other crypto library, or whether you
are planning to implement this yourself from scratch. Some of your
questions below imply the latter - which I would strongly recommend
against. Find yourself a good crypto library, and many of your problems
will go away. It is dangerous (from a security perspective) to implement
this yourself.

> I have a .pem file in both server and client so I assume we have the same
> DH parameters (g and p) in client and server and no need to exchange
> these parameters.
>
> Here are my questions.
>
> -What is the criteria for choosing a random number (a)? Do I need to
> choose a number with a specific length?

OpenSSL implements DH according to PKCS #3:
ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-3.asc

PKCS #3 defines 3 parameter values: p, g and an optional
"privateValueLength" - call it l.

PKCS #3 then defines that the private value shall be:

"An integer x, the private value, shall be generated privately and
randomly. This integer shall satisfy 0 < x < p-1, unless the central
authority specifies a private-value length l, in which case the integer
shall satisfy 2^(l-1) <= x < 2^l."

I don't think that OpenSSL generated DH parameters use an l value. However,
it can handle one if it is provided. You will need to find out if you have
one (see below).

> -Soon after the client gets connected do I have to send g pow(a)%p (A)?
> If yes, is there any format for this?

Yes. PKCS #3 defines how this value should be converted into an octet
string. See section 7.3.

How that octet string gets sent to your peer is protocol specific. Are you
using some standard protocol, or a custom one?

> -In the .pem file I could see a section ---DH Parameters---. What is this
> for? Is this an encrypted value of g and p? I don't have to use it.

This file contains a PEM encoding of a PKCS #3 DHParameter structure
defined as follows:

    DHParameter ::= SEQUENCE {
        prime INTEGER, -- p
        base INTEGER, -- g
        privateValueLength INTEGER OPTIONAL }

You can examine the contents of the file using command line openssl:

    openssl dhparam -in dhparam.pem -text -noout

This should tell you what your p and g values are, and whether you have an
l.

> -How do I encrypt and decrypt a message with the secret key? Do I have to
> XOR every byte with the secret key?

Having calculated the shared secret you would normally pass it through some
key derivation function - e.g. a message digest such as some SHA2 variant.
The output of that is what you use as the key. Again the precise details of
this will be protocol specific. To encrypt/decrypt you will take the key
and pass it into some symmetric encryption cipher.

>
> Overall my question is what is the low level flow from the server side.
> I am using DH1024.

The precise communication between client and server is protocol specific,
and you haven't told us anything about your protocol.

Hope that helps

Matt
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
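
The flow described in the reply above (private value per PKCS #3, public value as a fixed-length octet string, shared secret hashed into a key), as an added Python example that is not part of the original message and is not OpenSSL code. The prime, generator and all function names are constructed for illustration, SHA-256 stands in for "some SHA2 variant", and the range check on the peer's value is an extra check the reply does not mention.

```python
import hashlib
import secrets

# Constructed toy parameters (not from the thread): 2^127 - 1 is a known prime
# but far too short for real use. Real p, g (and l, if present) come from
# `openssl dhparam -in dhparam.pem -text -noout`.
P = 2**127 - 1
G = 3


def private_value(p, l=None):
    """PKCS #3 private value: 0 < x < p-1, or 2^(l-1) <= x < 2^l if l is set."""
    if l is None:
        return 1 + secrets.randbelow(p - 2)            # uniform in [1, p-2]
    return (1 << (l - 1)) + secrets.randbelow(1 << (l - 1))


def to_octets(n, p):
    """Big-endian octet string of fixed length k, k = length of p in octets."""
    k = (p.bit_length() + 7) // 8
    return n.to_bytes(k, "big")


def public_value(g, x, p):
    """Octet string carrying y = g^x mod p, as handed to the protocol layer."""
    return to_octets(pow(g, x, p), p)


def derive_key(peer_pv, x, p):
    """Shared secret z = y'^x mod p, hashed with SHA-256 into a 32-byte key."""
    y = int.from_bytes(peer_pv, "big")
    if not 2 <= y <= p - 2:        # assumption: extra sanity check on peer input
        raise ValueError("peer public value out of range")
    return hashlib.sha256(to_octets(pow(y, x, p), p)).digest()


def handshake(p=P, g=G, l=None):
    """Run both sides locally; returns (client_key, server_key)."""
    a, b = private_value(p, l), private_value(p, l)
    A, B = public_value(g, a, p), public_value(g, b, p)  # sent over the wire
    return derive_key(B, a, p), derive_key(A, b, p)


if __name__ == "__main__":
    client_key, server_key = handshake()
    print(client_key.hex(), client_key == server_key)
```

The derived key is what would be passed to a symmetric cipher; how the octet strings travel between client and server remains protocol specific.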