1) The C version is in hex while the java version is in decimal. Is this intentional? When you are reading in the values are reading them correctly (i.e. as hex or as decimal as required) Yes. it was intentional. I am taking care of this. 2) Is this sample from the *same* key exchange? The parameters are different which are obviously going to cause it to fail. When I run both programs it calculates the params (p,g,pk) every time on execution . that's the reason both key values are different. That won't make any such difference :) right?
3) Its not actually necessary to pass the full parameters every time you exchange keys. This can be agreed up front, e.g. RF5114 defines a set of standard well known parameters which can be used "off the shelf". OpenSSL has built-in support for these. I need to look into this. Do you mean the hard coded prime and base generator numbers at client and server? how about public key? Regards, Azhar On Mon, Mar 18, 2013 at 3:22 PM, Matt Caswell <fr...@baggins.org> wrote: > > > On 18 March 2013 06:26, azhar jodatti <azhar...@gmail.com> wrote: > >> >> >> Thanks matt for looking at this. below are the details >> >> json from C with openSSL >> >> { >> "prime": >> "B01DBDE7823A696F13EEFDE810DF2A010ED8BA919186029BEECCF2F0454CE85CA3E3FFD0EB3A578F80C28930AD98559D57605E37BFE2B1BD3C6D6C7657384F4DDFF45D57C59EF2DEADAF7605A1EB36A5D5007162F026E5AE161F489C8C79A5AD10C40FC7B914CDD85EE8A493307EE183194655D5190A3B7D8B45036E56E0C653", >> "basegenerator": "2", >> "size": "1024", >> "publickey": >> "829DE389D7731F6CB1C92B92965E119FFCBAE433C5B19B5C262623FD5EA6F2D53EFAD3195372B7C746DB376C3739CBC03BE7614183F658E059F02FF8C463051E3684424BE8F3F96353275201D8B8154DED3A5152DD04EBD55C0EC20544F975EEEB703B3085C174C761712AC83EACF8507895571E1F076876F26162504D75EF11" >> } >> >> JSON with JAVA >> >> { >> "prime": >> "178011905478542266528237562450159990145232156369120674273274450314442865788737020770612695252123463079567156784778466449970650770920727857050009668388144034129745221171818506047231150039301079959358067395348717066319802262019714966524135060945913707594956514672855690606794135837542707371727429551343320695239", >> "basegenerator": >> "174068207532402095185811980123523436538604490794561350978495831040599953488455823147851597408940950725307797094915759492368300574252438761037084473467180148876118103083043754985190983472601550494691329488083395492313850000361646482644608492304078721818959999056496097769368017749273708962006689187956744210730", >> "size": "1024", >> "publickey": >> "154098060632197825972569070553594673213907981120204558893455132154488920498286340180930009617674527453058248409146259055129616519883338912429359077804301589391083095780370584174889589223725092053310001148182587778315708960959816212553890780658697750126252666385136330617189340099488509957293788029153796583284280546893194823052732368554200517384648060949814219845513312636361799960550824305241776726569729968117653644039260346804354135691237238964153781814300021332541328282477027772784043832083697573459487287571520026609334964134811373470209956613009283464376018849091639198208244682804180475479662224652170610412421382256896232908714139611606796633319949985382724877107919957408909942743414340389890006834786464852247662337830546584844189278383274479199021252090407963572739286575933788241737975537671923484277171204499262529715278092506505239752566691287452373502190399117732855968397767896906732126573639005461407592315315318920060328019073971670048355762952267750188451524151795498747866082848788789357672209810743252483" >> } >> >> Kindly let me know if you need anything else. even I can share my >> implementation (both Java and C) >> > > So a few things strike me about this: > > 1) The C version is in hex while the java version is in decimal. Is this > intentional? When you are reading in the values are reading them correctly > (i.e. as hex or as decimal as required) > > 2) Is this sample from the *same* key exchange? The parameters are > different which are obviously going to cause it to fail. > > 3) Its not actually necessary to pass the full parameters every time you > exchange keys. This can be agreed up front, e.g. RF5114 defines a set of > standard well known parameters which can be used "off the shelf". OpenSSL > has built-in support for these. > > Matt > > >