Matt,

No reason as such for using the low-level interface. I just want to get it
done. Do you see any issues with the low-level interface, or any issues with
my code?

In addition, the server and client work over REST APIs, hence I am using
JSON format to pass the parameters over the wire.

Regards,
Azhar



On Sun, Mar 17, 2013 at 3:27 AM, Matt Caswell <fr...@baggins.org> wrote:

>
>
> On 16 March 2013 18:00, azhar jodatti <azhar...@gmail.com> wrote:
>
>>
>>
>> Thompson,
>>
>> Really thanks for the reply. Appreciate your time.
>>
>> Yes, it was JCE and not JCF. It was a typo :)
>>
>> I am working on an application which has Android and iPhone clients. Both
>> clients talk to my server, which is written in Java. I am using the JCE
>> implementation of the DH algorithm and X509EncodedKeySpec for generating
>> the public and private key. Code below:
>>
>>         X509EncodedKeySpec x509Spec = new X509EncodedKeySpec(this.clientPublicKey);
>>         PublicKey pk = kf.generatePublic(x509Spec);
>>
>> For the Android client I am using the same JCE implementation of the DH
>> algorithm, and it works fine with my server.
>>
>> For the iPhone client I wrote a C programme which makes use of the OpenSSL
>> implementation of the DH algorithm. The problem I am facing is that when I
>> generate DH params (prime, generator, publickey) at the client and pass
>> them to the server to calculate the server's public and secret key, my
>> server (Java) throws an invalidKeySpecification exception. Below are the
>> steps.
>>
>> Client in C
>> 1. I am generating DH parameters (prime, generator)
>>      // client is DH *client.
>>      // also tried with 1024 bits and DH_GENERATOR_5
>>      DH_generate_parameters_ex(client, 512, DH_GENERATOR_2, NULL);
>> 2. Then generating the DH public and private key
>>      DH_generate_key(client);
>> When I pass these generated keys (prime, generator, publickey) to the
>> server, which is written in Java, it won't work. The server (Java) throws
>> an invalidKeySpecification exception.
>>
>
> Is there any particular reason why you are using the low-level interface
> for this? Typically, using the high-level EVP interface is preferred.
>
> See:
> http://www.openssl.org/docs/crypto/EVP_PKEY_derive.html
>
> To generate parameters:
>
> /* Create the context for generating the parameters */
> if(!(pctx = EVP_PKEY_CTX_new_id(type, NULL))) goto err;
> if(!EVP_PKEY_paramgen_init(pctx)) goto err;
>
> /* Set a prime length of 2048 */
> if(!EVP_PKEY_CTX_set_dh_paramgen_prime_len(pctx, 2048)) goto err;
>
> /* Generate parameters */
> if (!EVP_PKEY_paramgen(pctx, &params)) goto err;
>
> To generate keys:
>
> if(!(kctx = EVP_PKEY_CTX_new(params, NULL))) goto err;
>
>
> if(!EVP_PKEY_keygen_init(kctx)) goto err;
>
> /* Generate the key */
> if (!EVP_PKEY_keygen(kctx, &key)) goto err;
>
>
> To get the parameters afterwards you can use:
>
> DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
>
>
> So, how are you transmitting the parameters and public keys between the
> Java and C?
>
> Matt
>
>
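
Java's X509EncodedKeySpec takes a DER-encoded SubjectPublicKeyInfo, not bare integers. The block below is an added example, not code from anyone in this thread: it builds that structure for a PKCS#3 DH public key from big-endian p, g and public value, so the byte layout the server parses is visible. The names `dh_spki`, `der_tlv`, `der_uint` and the size limits are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DH_MAX_BYTES 512                  /* up to 4096-bit values (assumed limit) */
#define SPKI_MAX (4 * DH_MAX_BYTES)       /* size of the caller's output buffer */

/* Write tag, definite length and n content bytes; returns bytes written. */
static size_t der_tlv(uint8_t tag, const uint8_t *v, size_t n, uint8_t *out) {
    size_t i = 0;
    out[i++] = tag;
    if (n < 0x80) out[i++] = (uint8_t)n;
    else if (n < 0x100) { out[i++] = 0x81; out[i++] = (uint8_t)n; }
    else { out[i++] = 0x82; out[i++] = (uint8_t)(n >> 8); out[i++] = (uint8_t)n; }
    memcpy(out + i, v, n);
    return i + n;
}

/* Unsigned big-endian integer -> DER INTEGER (minimal length, never negative). */
static size_t der_uint(const uint8_t *be, size_t n, uint8_t *out) {
    uint8_t tmp[DH_MAX_BYTES + 1];
    size_t k = 0;
    while (n > 1 && be[0] == 0) { be++; n--; }   /* drop leading zero bytes */
    if (be[0] & 0x80) tmp[k++] = 0;               /* pad so the sign bit is clear */
    memcpy(tmp + k, be, n);
    return der_tlv(0x02, tmp, k + n, out);
}

/* Returns the encoded length, or 0 if an input is empty or too long. */
size_t dh_spki(const uint8_t *p, size_t pn, const uint8_t *g, size_t gn,
               const uint8_t *y, size_t yn, uint8_t out[SPKI_MAX]) {
    /* OID 1.2.840.113549.1.3.1 (dhKeyAgreement), already TLV-encoded */
    static const uint8_t oid[] = {0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
                                  0xF7, 0x0D, 0x01, 0x03, 0x01};
    uint8_t a[SPKI_MAX], b[SPKI_MAX];
    size_t n, m = sizeof oid;
    if (!pn || !gn || !yn || pn > DH_MAX_BYTES || gn > DH_MAX_BYTES ||
        yn > DH_MAX_BYTES) return 0;
    n = der_uint(p, pn, a);
    n += der_uint(g, gn, a + n);              /* a = INTEGER p, INTEGER g */
    memcpy(b, oid, m);
    m += der_tlv(0x30, a, n, b + m);          /* b = OID, SEQUENCE { p, g } */
    n = der_tlv(0x30, b, m, a);               /* a = AlgorithmIdentifier */
    b[0] = 0;                                 /* BIT STRING: 0 unused bits */
    m = 1 + der_uint(y, yn, b + 1);           /* b = 00, INTEGER y */
    n += der_tlv(0x03, b, m, a + n);          /* a += subjectPublicKey */
    return der_tlv(0x30, a, n, out);          /* outer SubjectPublicKeyInfo */
}
```

With OpenSSL itself, `i2d_PUBKEY()` on the `EVP_PKEY` produces this encoding for a DH key, so hand-building it is only needed to see or check the bytes.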
