Re: Elliptic Curve Diffie Hellman + AES256

Tue, 17 Jun 2014 04:45:32 -0700 


On Tuesday, June 17, 2014 6:21:37 AM UTC-4, Jeffrey Walton wrote:
>
>
>
> On Thursday, June 12, 2014 1:15:01 PM UTC-4, Damias wrote:
>>
>> Ok, i've managed to convert the bytes to Integers and use function 
>> DEREncode with BufferedTransformation (FileSink). But when I try to load 
>> the keys with BERDecode... this happens: 
>> terminate called after throwing an instance of 'CryptoPP::BERDecodeErr'
>>   what():  BER decode error
>>
>> ....
>>
>
> Try DEREncodePrivateKey, DEREncodePublicKey and friends. See the Crypto++ 
> wiki on Keys and Formats at 
> http://www.cryptopp.com/wiki/Keys_and_Formats#DER_Encoding.
>
My bad, I was not clear here.... the ECDH class performs Diffie-Hellman 
over elliptic curves. The keys created below:

    OID CURVE = secp256r1();
    AutoSeededRandomPool rng;
    
    ECDH < ECP >::Domain dhA( CURVE ), dhB( CURVE );
    SecByteBlock privA(dhA.PrivateKeyLength()), pubA(dhA.PublicKeyLength());
    SecByteBlock privB(dhB.PrivateKeyLength()), pubB(dhB.PublicKeyLength());
    
    dhA.GenerateKeyPair(rng, privA, pubA);
    dhB.GenerateKeyPair(rng, privB, pubB);

The keys are ephemeral. They are intended to be used once and thrown away. 
As such, there is no Load() or Save() defined on them.

The idea is you already have a long term or static key. It can be a RSA 
key, DSS key or ECDSA key, etc. When performing key agreement, you generate 
the ephemeral key pair using the ECDH class. Then, you send the other party 
your temporary ECDH public key, and you sign it with you RSA , DSS or ECDSA 
key. That is, you sign the ephemeral key with the static or long term key.

The RSA key, DSS key or ECDSA key allows you to Save() and Load() because 
they are static or long term keys. That's where you use 
DEREncodePrivateKey, DEREncodePublicKey and friends.

Jeff

-- 
-- 
You received this message because you are subscribed to the "Crypto++ Users" 
Google Group.
To unsubscribe, send an email to [email protected].
More information about Crypto++ and this group is available at 
http://www.cryptopp.com.
--- 
You received this message because you are subscribed to the Google Groups 
"Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to