>From: owner-openssl-us...@openssl.org On Behalf Of azhar jodatti >Sent: Wednesday, 13 March, 2013 13:44
>I was trying to implement the diffie Hellman algorithm in Java >which makes use of JCF and as well as in c with openssl... I assume you mean JCE, or maybe JCA. JCF is completely unrelated. >I am able to get this work in respective languages I.e Java - Java >and C-C works fine . Generates the DH parameters and other stuffs quit well. >Since my server is in Java and client is in C, I was trying to use >openssl generated keys with Java as other part of component which is not >working at all. Java keeps giving me invalid key specification exception... What exactly are you trying to do? Your client and server, or other parties, should NEVER share a DH privatekey; they must share parameters (the group definition prime P and generator G) and exchange publickeys that use the same parameters. There are two usual ways of doing this: 1: parameters are distributed in advance, each party generates keypair (possibly certified), and they exchange at least public values (y) and optionally also duplicate parameters (especially if using certificates). 2: one party (in SSL/TLS the server) sends publickey containing parameters and public value (which may be generated in advance or transient); other party uses parameters to generate and send public value (usually transient). Openssl stores DH parameters in PKCS3 format, and since 1.0.0 can store DH privatekey in PKCS8 clear (really privkeyinfo) or encrypted and DH publickey in "PUBKEY" (X509 pubkeyinfo), both of which include parameters. JCE as far as I can see can't handle DH parameters alone, but can handle PKCS8 clear as PKCS8EncodedKeySpec and X509-keyinfo as X509EncodedKeySpec. (JCE handles only the DER forms; converting DER to/from PEM isn't hard, but openssl does it easily for free.) For 2 above Java responder can simply read the peer's publickey, and copy the parameters to generate its "self" keypair. For 1 you can either (create and) use a dummy publickey to transmit the parameters or you can write your own code to do PKCS3 -- or some other format. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
