Hello, Jeff.
I still have questions :/ The Google manual says to do this:
- Using your private key and the given ephemeralPublicKey, derive a 256 bit
  long shared key using ECIES-KEM. Use the following parameters as defined in
  ISO 18033-2:
  - Elliptic curve: NIST P-256 (also known in OpenSSL as prime256v1)
  - CheckMode, OldCofactorMode, SingleHashMode and CofactorMode are 0
  - Encoding function: Uncompressed Point format
  - Key derivation function: HKDFwithSHA256, as described in RFC 5869
    <https://tools.ietf.org/html/rfc5869>, using the following parameters:
    - Salt should not be provided (per the RFC, this should be
      equivalent to a salt of 32 zeroed bytes)
    - Info should be Android or Google encoded in ASCII for protocol
      versions ECv0 and ECv1 respectively
- Split the generated key into two 128-bit-long keys:
  symmetricEncryptionKey and macKey.
- Verify that the tag field is a valid MAC for encryptedMessage:
  - For generating the expected MAC, use HMAC (RFC 5869
    <https://tools.ietf.org/html/rfc5869>) with hash function SHA256 and
    the macKey obtained above
  - Use a constant time array comparison to avoid timing attacks
- Decrypt encryptedMessage using AES128 CTR mode with a zero IV, no
  padding, and the symmetricEncryptionKey derived above.
The question is: is it equivalent to do it this way:
- DH2 deriving the shared secret using the Agree method (own ephemeral private
  obtained by generating from GenerateEphemeralPrivateKey)
- using CryptoPP::HKDF<CryptoPP::SHA256> to derive key
- splitting key
- using CryptoPP::CTR_Mode<CryptoPP::AES> for final decryption
OR: should I use
    CryptoPP::DL_ES<
        CryptoPP::DL_Keys_EC<CryptoPP::ECP>,
        CryptoPP::KeyAgreementAlgorithm_DH<CryptoPP::ECP,CryptoPP::NO_COFACTOR_MULTIPLICTION>,
        CryptoPP::DL_KeyDerivationAlgorithm
somehow? By overriding DL_KeyDerivationAlgorithm_P1363 with an
implementation of "HKDFwithSHA256" and so on?
Or are these equivalent approaches?
I still have questions because on Friday I recovered the shared_key, but
I still cannot decrypt the message for now.
Thank you very much!