Leon Brits wrote:
> In a test I have three DH key pairs generated from the IKE groups 14, 15
> and 16 parameters.
>
> When I want to derive a secret and I use the 2048 bit private key then
> the derivation fails if I use the 3072 or 4096 bit public key.

Are you, by chance, trying to derive a secret from keypairs generated with *different* parameters? This cannot possibly work, of course. Both sides' keypairs must be generated for the same DH parameters.

> But if I derive using the 3072 bit private key then I can derive using
> the 2048 and 3072 bit public key.
>
> When I use the 4096 bit private key I can derive with any of the public
> keys.
>
> The error I get when it fails is from the EVP_PKEY_derive() function:
> “error:05066066:Diffie-Hellman routines:COMPUTE_KEY:invalid public key”
>
> It seems the private key must be the same or larger to succeed.
>
> Is this correct: Can the public key not be larger than the private key?
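
Added example, not part of the original thread and not OpenSSL code: a toy model of the pass/fail pattern reported above, assuming the "invalid public key" error comes from the usual range check that a peer value y satisfies 2 <= y <= p-2 for the deriving side's modulus p. The moduli, generator, private exponents and function names are constructed for illustration.

```python
# Toy DH groups: Mersenne primes standing in for IKE groups 14/15/16.
# Constructed sample values, NOT the RFC 3526 primes; never use for real keys.
G = 3
GROUPS = {"small": 2**61 - 1, "medium": 2**127 - 1, "large": 2**521 - 1}
# Constructed fixed private exponents so every run gives the same result.
PRIVATE = {
    "small": 0x1D2C3B4A59687F0,
    "medium": 0x123456789ABCDEF0FEDCBA987654321,
    "large": 0x0F1E2D3C4B5A69788796A5B4C3D2E1F00112233445566778899AABBCCDDEEFF,
}


def public_key(group):
    """y = g^x mod p for the group's own parameters."""
    return pow(G, PRIVATE[group], GROUPS[group])


def derive(private_group, peer_public):
    """Derive with private_group's (p, x); reject peer values outside [2, p-2]."""
    p = GROUPS[private_group]
    if not 2 <= peer_public <= p - 2:
        raise ValueError("invalid public key")
    return pow(peer_public, PRIVATE[private_group], p)


def compatibility_matrix():
    """Try every private/public combination, as in the test described above."""
    outcome = {}
    for priv in GROUPS:
        for pub in GROUPS:
            try:
                derive(priv, public_key(pub))
                outcome[(priv, pub)] = "derived"
            except ValueError as exc:
                outcome[(priv, pub)] = str(exc)
    return outcome


def same_group_agreement(group, x_a, x_b):
    """Two parties on the SAME parameters compute the same secret."""
    p = GROUPS[group]
    y_a, y_b = pow(G, x_a, p), pow(G, x_b, p)
    return pow(y_b, x_a, p) == pow(y_a, x_b, p)


if __name__ == "__main__":
    for (priv, pub), result in compatibility_matrix().items():
        print(f"private={priv:6} public={pub:6} -> {result}")
    print("same-group agreement:", same_group_agreement("medium", 0xA5A5A5, 0x5A5A5A))
```

In the mismatched cells marked "derived", only the side holding the larger modulus produced a value; the peer on the smaller modulus rejects the larger public value, so no shared secret exists.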
