On 20 March 2013 19:21, azhar jodatti <azhar...@gmail.com> wrote:
> One more query :).
>
> After generating secret key :
> byte[] bobSharedSecret = bobKeyAgree.generateSecret(); // this generates secret key. Note : this key matches with C client secret key :)
>
> I am doing below stuff in JAVA :
> SecretKeyFactory skf = SecretKeyFactory.getInstance("DES");
> DESKeySpec desSpec = new DESKeySpec(bobSharedSecret);
> this.secretKey = skf.generateSecret(desSpec);
>
> What is the equivalent of this in C?

Well looking at the docs the DESKeySpec constructor just takes the first 8 bytes of the byte array to form the key. The equivalent is to just pass an unsigned char * pointing at the shared secret in the key parameter in the call to EVP_EncryptInit_ex.

BUT - you should NOT use the shared secret directly like this. This goes back to my point about implementing your own protocol - it is easy to make a mistake like this. Protocols will typically pass the shared secret through some message digest function (such as SHA2), and use the output from that as the key. See section 2.1.2 of RFC2631 for an example of this in practice.

The problem is that the set of possible DH shared secrets is not necessarily evenly distributed within the keyspace. By using the shared secret directly you could introduce biases into your encryption, which could in turn lead to a security flaw.

(As an aside another potential security problem with DH is that it is susceptible to MITM attacks without some authentication layer - another thing that protocols will typically add)

For information on encryption with openssl see:
http://wiki.opensslfoundation.com/index.php/EVP

and in particular these pages linked from there:
http://wiki.opensslfoundation.com/index.php/EVP_Symmetric_Encryption_and_Decryption
http://wiki.opensslfoundation.com/index.php/EVP_Authenticated_Encryption_and_Decryption

Also see the manual pages:
http://www.openssl.org/docs/crypto/EVP_EncryptInit.html#

Message Digests are covered here:
http://wiki.opensslfoundation.com/index.php/EVP_Message_Digests
http://www.openssl.org/docs/crypto/EVP_DigestInit.html#

Matt
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
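
Added example (not part of the original thread and not OpenSSL project code): the Java snippet quoted above, changed so that the DH shared secret goes through SHA-256 before it becomes a key, as the reply recommends. The class name, the counter-plus-context layout and the context label are assumptions of this example; the C peer has to hash exactly the same byte sequence to arrive at the same key.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;

public class DhKeyDerivation {
    // Derives keyLen bytes as SHA-256(secret || counter || context) for
    // counter = 1, 2, ... The hash-the-secret shape follows RFC 2631 section
    // 2.1.2, but the plain context string (instead of DER-encoded OtherInfo)
    // is a simplification, so the output is not RFC 2631 compatible.
    static byte[] deriveKey(byte[] sharedSecret, byte[] context, int keyLen)
            throws Exception {
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        byte[] out = new byte[keyLen];
        int filled = 0;
        for (int counter = 1; filled < keyLen; counter++) {
            sha256.update(sharedSecret);
            sha256.update(new byte[] {                 // 32-bit big-endian counter
                (byte) (counter >>> 24), (byte) (counter >>> 16),
                (byte) (counter >>> 8), (byte) counter });
            sha256.update(context);
            byte[] block = sha256.digest();            // digest() resets the instance
            int n = Math.min(block.length, keyLen - filled);
            System.arraycopy(block, 0, out, filled, n);
            filled += n;
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for bobKeyAgree.generateSecret(); not real DH output.
        byte[] bobSharedSecret = new byte[128];
        for (int i = 0; i < bobSharedSecret.length; i++) {
            bobSharedSecret[i] = (byte) (i * 7 + 3);
        }
        // Hypothetical label; the C peer must hash the identical byte sequence.
        byte[] context = "example DH session key".getBytes(StandardCharsets.US_ASCII);

        // DES as in the thread needs 8 bytes; keyLen 16 or 32 would feed AES.
        byte[] keyBytes = deriveKey(bobSharedSecret, context, DESKeySpec.DES_KEY_LEN);
        SecretKey secretKey = SecretKeyFactory.getInstance("DES")
                .generateSecret(new DESKeySpec(keyBytes));
        System.out.println(secretKey.getAlgorithm() + " key derived from "
                + bobSharedSecret.length + "-byte shared secret");
    }
}
```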