> From: owner-openssl-us...@openssl.org On Behalf Of jeetendra gangele
> Sent: Monday, 17 December, 2012 21:48

> Yes I used [KDF1_SHA1 for ECDH_compute_key] from ec/ecdhtest.c.
> If you see the ECDH_compute_key, in the last argument it needs some hash
> function to sign the shared secret.

The last argument can be null and usually should be null. If nonnull it is used for key derivation, NOT signing of any kind.

> And here I need 256 bit secret key, that will be point on curve?
> That's why I tried to use here sha256, because sha1 is 20 bytes.

The ECDH agreement is technically a point, but by convention only the x coordinate is used, because y adds no entropy. The x coordinate is the size of the group/curve (or rarely less). You can 'expand' it using a hash like SHA256 or SHA512, but you get no benefit from doing so as long as you're using the result in a decent symmetric cipher. You might as well just pad it with zeros (or ones or anything else deterministic you like).

> Also ECDH_compute_key for this fun I did not find much detail.
> Do you know how can I get x,y coordinate from public point, I mean which
> API to use?

You can get coordinates from any point, depending on the type of group/curve used; see EC_compute_key for an example. But separate coordinates of a public point are unhelpful; you need the whole point to do the ECDH computation. Technically you can reconstruct the point from x (or x and y), but if you already have the point (and you should) doing so is just a waste of effort.
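
The points made in the reply above, as an added example that is not part of the original thread and is not OpenSSL code: ECDH on a toy curve, showing that each side multiplies the peer's whole public point, that both sides reach the same point, and that the x coordinate fixes y up to sign. The curve y^2 = x^3 + 2x + 2 over GF(17), the base point (5,1), the scalars 3 and 7 and all function names are assumptions chosen for illustration and provide no security.

```c
#include <stdio.h>

/* Constructed toy curve y^2 = x^3 + 2x + 2 over GF(17); G = (5,1), order 19. */
enum { P = 17, A = 2, B = 2 };
typedef struct { int x, y, inf; } pt;

static int md(int v) { v %= P; return v < 0 ? v + P : v; }
static int inv(int v) {                 /* Fermat inverse: v^(P-2) mod P */
    int r = 1, i;
    v = md(v);
    for (i = 0; i < P - 2; i++) r = md(r * v);
    return r;
}

pt pt_add(pt p, pt q) {
    pt r = {0, 0, 0};
    int l;                              /* slope of the chord or tangent */
    if (p.inf) return q;
    if (q.inf) return p;
    if (p.x == q.x && md(p.y + q.y) == 0) { r.inf = 1; return r; }
    if (p.x == q.x) l = md((3 * p.x * p.x + A) * inv(2 * p.y));
    else            l = md((q.y - p.y) * inv(q.x - p.x));
    r.x = md(l * l - p.x - q.x);
    r.y = md(l * (p.x - r.x) - p.y);
    return r;
}

pt pt_mul(int k, pt p) {                /* double-and-add, low bit first */
    pt r = {0, 0, 1};
    for (; k > 0; k >>= 1, p = pt_add(p, p))
        if (k & 1) r = pt_add(r, p);
    return r;
}

/* ECDH: own private scalar times the peer's whole public point. */
pt ecdh(int priv, pt peer_pub) { return pt_mul(priv, peer_pub); }

/* Number of y values on the curve for x; *y_low receives the smaller one. */
int y_from_x(int x, int *y_low) {
    int y, n = 0, rhs = md(x * x * x + A * x + B);
    for (y = P - 1; y >= 0; y--)
        if (md(y * y) == rhs) { *y_low = y; n++; }
    return n;
}

int main(void) {
    pt g = {5, 1, 0}, a_pub = pt_mul(3, g), b_pub = pt_mul(7, g);
    pt s1 = ecdh(3, b_pub), s2 = ecdh(7, a_pub);
    int y, n = y_from_x(s1.x, &y);
    printf("A: (%d,%d)  B: (%d,%d)  y candidates for x: %d\n", s1.x, s1.y, s2.x, s2.y, n);
    return 0;
}
```
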