RSA Security 5.2.2 Projection Television User Manual


 
Chapter 7 Public-Key Operations
Performing Diffie-Hellman Key Agreement
Diffie-Hellman Key Agreement is a method for two parties to obtain the same
symmetric key. In this procedure, a central authority generates parameters and gives
them to the two individuals seeking to generate a secret key. In Phase 1, each
individual uses these parameters to produce a public value and a private value. In
Phase 2, they trade public values and each uses the other's public value with their
own private value to generate the same secret value.
Note: One of the individuals could act as the central authority and generate the
parameters. Security does not depend on a third party's independently
producing the parameters.
The section "Diffie-Hellman Public Key Agreement" on page 62 gives a detailed
description of the Diffie-Hellman algorithm.
Generating Diffie-Hellman Parameters
The parameters are a prime, a base, and, optionally, the length in bits of the private
value. The parties will generate their own private values in Phase 1, although the
central authority has the option of declaring how long these values will be.
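The Phase 1 and Phase 2 arithmetic described above, as an added example that is not code from the manual or from the Crypto-C library. The names dh_params, dh_phase1, dh_phase2 and modexp are hypothetical, the parameters are constructed toy values, and the range checks on the private and peer public values are an addition of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Parameters handed out by the central authority (hypothetical struct). */
typedef struct {
    uint64_t prime;         /* modulus p */
    uint64_t base;          /* base g */
    unsigned private_bits;  /* optional length of private values, 0 = not set */
} dh_params;

/* Square-and-multiply: base^exp mod m; 128-bit products avoid overflow. */
static uint64_t modexp(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t result = 1 % m;
    base %= m;
    for (; exp > 0; exp >>= 1) {
        if (exp & 1) result = (uint64_t)((__uint128_t)result * base % m);
        base = (uint64_t)((__uint128_t)base * base % m);
    }
    return result;
}

/* Phase 1: public = g^private mod p. Returns 0 on success, -1 on bad input.
   In real use the private value comes from a CSPRNG; here it is passed in. */
int dh_phase1(const dh_params *dp, uint64_t priv, uint64_t *pub) {
    if (priv < 2 || priv >= dp->prime - 1) return -1;
    if (dp->private_bits && dp->private_bits < 64 && (priv >> dp->private_bits))
        return -1;  /* longer than the length the central authority declared */
    *pub = modexp(dp->base, priv, dp->prime);
    return 0;
}

/* Phase 2: secret = peer_public^private mod p. Rejects the peer values
   0, 1 and p-1, which would make the resulting secret predictable. */
int dh_phase2(const dh_params *dp, uint64_t priv, uint64_t peer_pub, uint64_t *secret) {
    if (peer_pub < 2 || peer_pub >= dp->prime - 1) return -1;
    *secret = modexp(peer_pub, priv, dp->prime);
    return 0;
}

int main(void) {
    dh_params toy = { 23, 5, 4 };  /* constructed toy values, far too small for real use */
    uint64_t pubA, pubB, secA, secB;
    if (dh_phase1(&toy, 6, &pubA) || dh_phase1(&toy, 15, &pubB)) return 1;
    if (dh_phase2(&toy, 6, pubB, &secA) || dh_phase2(&toy, 15, pubA, &secB)) return 1;
    printf("pubA=%llu pubB=%llu secretA=%llu secretB=%llu\n",
           (unsigned long long)pubA, (unsigned long long)pubB,
           (unsigned long long)secA, (unsigned long long)secB);
    return secA == secB ? 0 : 1;
}
```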
Note: You may have noticed that the Diffie-Hellman algorithm is very similar to the
RSA algorithm. The Diffie-Hellman prime is analogous to the RSA modulus,
and the Diffie-Hellman base is analogous to the RSA data to encrypt. The
Diffie-Hellman private value is analogous to the RSA private exponent
(private key) in private-key encryption.
The example in this section corresponds to the file dhparam.c. There is no Step 4,
Update, in generating Diffie-Hellman parameters.
Step 1: Creating An Algorithm Object
Declare a variable to be B_ALGORITHM_OBJ. As defined in the function prototype in
Chapter 4 of the Reference Manual, its address is the argument for
B_CreateAlgorithmObject:
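/* status is declared by the enclosing sample code; break leaves the
   enclosing block when the call returns a nonzero error code. */
B_ALGORITHM_OBJ dhParamGenerator = (B_ALGORITHM_OBJ)NULL_PTR;

if ((status = B_CreateAlgorithmObject (&dhParamGenerator)) != 0)
  break;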