On 20 March 2013 19:21, azhar jodatti <azhar...@gmail.com> wrote:

> One more query :).
>
> After generating secret key :
> byte[] bobSharedSecret = bobKeyAgree.generateSecret(); // this generates
> // secret key. Note: this key matches with C client secret key :)
>
> I am doing below stuff in JAVA :
>        SecretKeyFactory skf = SecretKeyFactory.getInstance("DES");
>        DESKeySpec desSpec = new DESKeySpec(bobSharedSecret);
>        this.secretKey = skf.generateSecret(desSpec);
>
> What is the equivalent of this in C?

Well, looking at the docs, the DESKeySpec constructor just takes the
first 8 bytes of the byte array to form the key. The equivalent is to
just pass an unsigned char * pointing at the shared secret in the key
parameter in the call to EVP_EncryptInit_ex.

BUT - you should NOT use the shared secret directly like this. This
goes back to my point about implementing your own protocol - it is
easy to make a mistake like this. Protocols will typically pass the
shared secret through some message digest function (such as SHA2), and
use the output from that as the key. See section 2.1.2 of RFC2631 for
an example of this in practice. The problem is that the set of
possible DH shared secrets is not necessarily evenly distributed
within the keyspace. By using the shared secret directly you could
introduce biases into your encryption, which could in turn lead to a
security flaw. (As an aside, another potential security problem with
DH is that it is susceptible to MITM attacks without some
authentication layer - another thing that protocols will typically
add.)

For information on encryption with openssl see:
http://wiki.opensslfoundation.com/index.php/EVP
and in particular these pages linked from there:
http://wiki.opensslfoundation.com/index.php/EVP_Symmetric_Encryption_and_Decryption
http://wiki.opensslfoundation.com/index.php/EVP_Authenticated_Encryption_and_Decryption

Also see the manual pages:
http://www.openssl.org/docs/crypto/EVP_EncryptInit.html#

Message Digests are covered here:
http://wiki.opensslfoundation.com/index.php/EVP_Message_Digests
http://www.openssl.org/docs/crypto/EVP_DigestInit.html#

Matt
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
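
The point in the reply above about shared secrets not being evenly distributed, shown as an added Python example (not code from this thread, from OpenSSL or from the JDK). The 15-bit prime, generator and private values are constructed toy parameters, chosen so that every possible shared secret can be enumerated; plain SHA-256 over the secret stands in for a protocol's key derivation and is not the exact RFC 2631 construction.

```python
import hashlib

# Constructed toy parameters (assumptions for illustration only): a 15-bit
# prime so that every possible shared secret can be enumerated.
P = 32771          # 0x8003
G = 2
SECRET_LEN = 2     # fixed-width big-endian encoding of a value mod P


def shared_secret(peer_public: int, private: int) -> bytes:
    """DH agreement: peer_public^private mod P, encoded big-endian."""
    return pow(peer_public, private, P).to_bytes(SECRET_LEN, "big")


def naive_key(secret: bytes, key_len: int) -> bytes:
    """Direct use: the leading bytes of the secret become the key."""
    return secret[:key_len]


def derived_key(secret: bytes, key_len: int) -> bytes:
    """Digest first: the leading bytes of SHA-256(secret) become the key."""
    return hashlib.sha256(secret).digest()[:key_len]


def reachable_keys(make_key) -> set:
    """Distinct 1-byte keys over every value a shared secret can take."""
    return {make_key(z.to_bytes(SECRET_LEN, "big"), 1) for z in range(1, P)}


if __name__ == "__main__":
    a, b = 1234, 5678                      # constructed private values
    alice = shared_secret(pow(G, b, P), a)
    bob = shared_secret(pow(G, a, P), b)
    assert alice == bob                    # both sides hold the same secret
    print("8-byte key from digest:", derived_key(alice, 8).hex())
    print("naive keys reachable:  ", len(reachable_keys(naive_key)), "of 256")
    print("derived keys reachable:", len(reachable_keys(derived_key)), "of 256")
```

Because every secret is smaller than P, its leading byte can never exceed 0x80 here, so direct use reaches only about half of the 1-byte key space, while the digest output reaches all of it.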
