Thanks for the reply Jeff!! The problem comes when I try to send the values of prime and public key to peer. As I am converting BIGNUM to binary and then at the peer the other way round, the parameters are not received properly by the peer!!

On Fri, Dec 28, 2012 at 2:28 PM, Jeffrey Walton <noloa...@gmail.com> wrote:
> On Fri, Dec 28, 2012 at 3:37 PM, Hemayamini Kurra
> <hemayaminiku...@email.arizona.edu> wrote:
> > Hello!!
> >
> > I am implementing DH algorithm using OpenSSL library.
> > My scenario is -
> > using DH key exchange algorithm for key generation and exchange between
> > client and server. Using DSA for two way authentication.
> > server:
> Could be tricky to get right, especially when you need semantic
> authentication over the process.
>
> > I have generated DH parameters using DH_generate_parameters()
> > I have generated the public and private keys using DH_generate_key()
> Don't forget to validate the key. If you don't validate a key, you
> cannot use it. For encryption, that means you don't apply your secret
> to an unvalidated key; and for signatures, you don't trust the outcome
> of the verification process.
>
> GnuPG is a special case. They used Lim-Lee primes and they can't be
> validated without obtaining the unique factorization. I would
> recommend asking for a key composed of a strong or safe prime or
> refuse to process their data (but I've always been
> defensive/paranoid).
>
> > I am using TCP socket programming in c to send the prime generator and
> > ...
> >
> > I am getting "segmentation fault".
> That sounds like a network programming problem. Have you been through
> W. Richard Stevens' "TCP/IP Illustrated" or "UNIX Network
> Programming"?
>
> Jeff
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
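
An added example, not part of this thread and not the poster's code: BN_bn2bin() writes a variable-length big-endian byte string that carries no length of its own, and TCP is a byte stream that recv() may hand back in pieces, so each value sent (prime, generator, public key) needs explicit framing. The C code below uses a 4-byte length prefix; `put_field`, `get_field` and the `MAX_FIELD` cap are hypothetical names chosen here, and the OpenSSL calls are named only in comments so the framing compiles on its own.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_FIELD 1024u /* assumed cap on one value, in bytes (8192 bits) */

/* Sender (hypothetical helper): append a 4-byte big-endian length and then
 * the value bytes, i.e. what BN_bn2bin() wrote, with len = BN_num_bytes().
 * Returns the new write offset, or 0 if the value does not fit. */
size_t put_field(uint8_t *out, size_t cap, size_t off,
                 const uint8_t *val, size_t len)
{
    if (len == 0 || len > MAX_FIELD || off > cap || cap - off < 4 + len)
        return 0;
    for (int i = 0; i < 4; i++)
        out[off + i] = (uint8_t)(len >> (24 - 8 * i));
    memcpy(out + off + 4, val, len);
    return off + 4 + len;
}

/* Receiver (hypothetical helper): try to parse one field from the `have`
 * bytes accumulated so far, starting at *off.
 *   1  field complete: pass val/len to BN_bin2bn(), *off is advanced
 *   0  not enough bytes yet: call recv() again and retry, *off unchanged
 *  -1  length is zero or above MAX_FIELD: treat the peer as broken */
int get_field(const uint8_t *in, size_t have, size_t *off,
              const uint8_t **val, size_t *len)
{
    if (*off > have)
        return -1;
    if (have - *off < 4)
        return 0;                 /* length prefix itself is incomplete */
    const uint8_t *p = in + *off;
    uint32_t n = 0;
    for (int i = 0; i < 4; i++)
        n = (n << 8) | p[i];
    if (n == 0 || n > MAX_FIELD)
        return -1;                /* never size a buffer from an unchecked length */
    if (have - *off - 4 < n)
        return 0;                 /* value bytes are still in flight */
    *val = p + 4;
    *len = n;
    *off += 4 + (size_t)n;
    return 1;
}
```

The receiver keeps appending recv() output to one buffer and calls `get_field` until it returns 1 three times; only then are the prime, generator and public key rebuilt and the public key validated as Jeff describes.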