Sorry about the confusion in terminologies. My confusion was not about the DH exchange process. It's about how the APIs work and generate keys. I should have been clearer in using the different nomenclature.
Anyways, I now understand how the APIs work, after lot of digging into the code and running few sample DH calculations. O DH_generate_key() generates a random private key (a) unless it is already assigned. Since private key is random, the public key component (X) generated would be random as well O For a given P (large Prime) and g (Generator), and no matter what the private key be, if you exchange the public component (X) with the other party and receive their public component (Y), you and the other party will get the same shared secure key using DH_compute_key(). But I agree with Michael that the APIs are less-than-intuitive. They lack documentation and comments in the source code. You have to read and understand how the code works. Thanks for your responses. -- Bala -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Sierchio Sent: Wednesday, September 03, 2003 9:58 AM To: [EMAIL PROTECTED] Subject: Re: More DH questions Nils Larsch wrote: >>Is it true that for a given P & g, I would always get the same public key > > > No, the private key is (should be) a random number => you get a different > public key for each invocation of DH_generate_key Not quite, no. In fact, DH would be pretty useless if that were the case. See my code snippet, if you fill in the private exponent (which is what I assume you mean by private key), you'll always get the same public exponent if the private exponent is the same. >>What could be the possible problem where I am getting a different secret & >>pub_key every time? > > Perhaps you should read a textbook about cryptography. I think the problem may be the less-than-intuitive API. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
