> From: Jan Hammer [mailto:jahai...@gmx.de] > > Cryptovision derives the key the following way, from the other partys public > key and the own private key (the number of derivations can be chosen): > ** This function calculates the common secret d1 * Q2 (= d1 * d2 * G) > ** and derives the output key from the x-coordinate of the secret with > ** the KDF2HMACSHA1 derivation function of the library. > > Using AgreementUtilities.GetBasicAgreement("ECDH") and => > CalculateAgreement() obviously leads to a different result. > How does the CalculateAgreement function calculate the output and > therefore is there a way to come to the same conclusion as on the > Cryptovision part?
I find, the best documentation is to actually checkout the bouncycastle source code and look through it. Optionally run tests and step through the code. CalculateAgreement() returns a BigInteger. That's the "common secret" as you've described above. You still need to hash it. One common way of hashing it is to use SHA256, but as you mentioned above they're using KDF2HMACSHA1, you might try ECDHWithKdfBasicAgreement instead of ECDHBasicAgreement. In the GetBasicAgreement factory, that would be ... Actually, in the version of source code that I have checked out, there is no string you can use in the factory to create an instance of the ECDHWithKdfBasicAgreement. If that exists in a later version, you might use it, otherwise, just instantiate the class directly instead of using the factory.
