On 16 April 2014 05:48, chetan <chet...@neominds.in> wrote:
> If this is only ECDH, then how do I perform ECDHE?
> What changes do I have to make in this code?
Well, the final E in ECDHE stands for ephemeral. It is not really a difference in the way the algorithm itself works, but more about how it is used. With ECDH both parties will reuse the same keys between different invocations, and therefore end up with the same shared secret each time. In ECDHE, one or both parties will create a new key each time that a shared secret is required.

In order for that to work they will have to exchange public keys. How that happens is protocol specific (and you haven't said what protocol you are going to be using). The public keys can be exchanged in the clear - but they *must* be authenticated in some way (e.g. by use of a MAC or digital signature). Typically you might use RSA or ECDSA to do this. Failure to authenticate the key exchange will leave you open to a man-in-the-middle attack.

The actual key generation is quite straightforward and is done in the code sample on the wiki page link I originally sent you.

http://wiki.openssl.org/index.php/Elliptic_Curve_Diffie_Hellman

The important bit is this bit:

    /* Create the context for the key generation */
    if(NULL == (kctx = EVP_PKEY_CTX_new(params, NULL))) handleErrors();

    /* Generate the key */
    if(1 != EVP_PKEY_keygen_init(kctx)) handleErrors();
    if (1 != EVP_PKEY_keygen(kctx, &pkey)) handleErrors();

    /* Get the peer's public key, and provide the peer with our public key -
     * how this is done will be specific to your circumstances */
    peerkey = get_peerkey(pkey);

I would also remind you about this important comment at the end of the code sample:

    /* Never use a derived secret directly. Typically it is passed
     * through some hash function to produce a key */

Matt

______________________________________________________________________
OpenSSL Project                                     http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
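The points Matt makes above (static keys give the same secret every time, ephemeral keys give a fresh one, the exchanged public keys must be authenticated, and the raw secret must go through a hash/KDF before use) can be seen end to end in the following added example. It is not code from this thread or from the OpenSSL wiki: it implements ECDH over NIST P-256 (the curve the wiki sample selects as prime256v1) from scratch in Python so that it runs with the standard library only. The pre-shared key used for the HMAC tag, the HKDF key derivation, and all function names are assumptions made for this illustration; a real protocol would more likely sign the public keys with RSA or ECDSA, as the reply suggests. The arithmetic is variable-time and for teaching only.

```python
"""Added example, not from the mailing list thread or the OpenSSL wiki:
ECDH vs ECDHE over NIST P-256, with peer-key validation, authentication
of the exchanged public keys, and a KDF over the raw shared secret.
Educational code: variable-time arithmetic, not for production use."""
import hashlib
import hmac
import secrets

# NIST P-256 / prime256v1 domain parameters (y^2 = x^3 + A*x + B mod P)
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
INFINITY = None  # point at infinity (group identity)


def is_on_curve(pt):
    """Public-key validation: reject points that are not on P-256."""
    if pt is INFINITY:
        return False
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - (x * x * x + A * x + B)) % P == 0


def point_add(p1, p2):
    """Affine chord-and-tangent addition on the curve."""
    if p1 is INFINITY:
        return p2
    if p2 is INFINITY:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INFINITY  # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    result, addend = INFINITY, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def generate_keypair():
    """Private scalar d in [1, N-1] and public point d*G (what EVP_PKEY_keygen does)."""
    d = secrets.randbelow(N - 1) + 1
    return d, scalar_mult(d, G)


def ecdh_shared_secret(priv, peer_pub):
    """Raw ECDH secret: x-coordinate of priv*peer_pub, after validating the peer key."""
    if not is_on_curve(peer_pub):
        raise ValueError("peer public key is not on the curve")
    x, _ = scalar_mult(priv, peer_pub)
    return x.to_bytes(32, "big")


def hkdf_sha256(ikm, info, length=32, salt=b""):
    """HKDF (RFC 5869): the 'pass it through a hash' step the wiki comment insists on."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def encode_point(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def authenticate_exchange(psk, pub_a, pub_b):
    """MAC over both public keys under an assumed pre-shared key, so keys sent
    in the clear cannot be swapped by a man-in-the-middle (a signature would do too)."""
    return hmac.new(psk, encode_point(pub_a) + encode_point(pub_b), hashlib.sha256).digest()


def verify_exchange(psk, pub_a, pub_b, tag):
    return hmac.compare_digest(authenticate_exchange(psk, pub_a, pub_b), tag)


def static_ecdh_session_keys(alice, bob, sessions):
    """Static ECDH: long-term keys are reused, so every session key repeats."""
    a_priv, _ = alice
    _, b_pub = bob
    return [hkdf_sha256(ecdh_shared_secret(a_priv, b_pub), b"session key")
            for _ in range(sessions)]


def ephemeral_ecdh_session_keys(sessions):
    """ECDHE: a fresh keypair per session on both sides, so each key is independent."""
    keys = []
    for _ in range(sessions):
        a_priv, _ = generate_keypair()
        _, b_pub = generate_keypair()
        keys.append(hkdf_sha256(ecdh_shared_secret(a_priv, b_pub), b"session key"))
    return keys


if __name__ == "__main__":
    alice, bob = generate_keypair(), generate_keypair()
    print("static ECDH:", [k.hex()[:16] for k in static_ecdh_session_keys(alice, bob, 3)])
    print("ECDHE:      ", [k.hex()[:16] for k in ephemeral_ecdh_session_keys(3)])
```

Running the module prints three identical truncated keys for the static case and three different ones for the ephemeral case, which is exactly the distinction the reply draws. The `is_on_curve` check in `ecdh_shared_secret` is the stand-in for the peer-key validation OpenSSL performs on import, and `authenticate_exchange` covers the "must be authenticated" requirement; swapping the two public keys or tampering with either makes `verify_exchange` fail.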