### Re: pubkeys for p and g

also sprach Arnold G. Reinhold [EMAIL PROTECTED] [2003.06.29.0424 +0200]: I am not sure I understand. How does this relate to my question? Where does the other factor come from? I got the impression, and maybe I misunderstood, that you were viewing a product of two primes aA, where a was the private part= and A was the public part. That is not how RSA works. The produce aA is the public key. Either factor can be the private part. Oh, I get it. No, that was my bad. aA and bB are simply the private/Public keypairs for A and B. Yeah, yeah, I know. Algebra is always haunting me... -- martin; (greetings from the heart of the sun.) \ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED] invalid PGP subkeys? use subkeys.pgp.net as keyserver! our destiny exercises its influence over us even when, as yet, we have not learned its nature; it is our future that lays down the law of our today. - friedrich nietzsche pgp0.pgp Description: PGP signature

### Re: pubkeys for p and g

martin f krafft wrote: also sprach Peter Fairbrother [EMAIL PROTECTED] [2003.06.27.1903 +0200]: Can you give me a ref to where they say that? I'd like to know exactly what they are claiming. this will have to wait a couple of days. Perhaps they are encrypting the DH secrets with RSA keys to provide some recipient authentication? nope. Or perhaps they are using DH instead of RSA for their public keys? nope. Hmmm. It's not exactly DH, but if you used the e of a RSA key as g, and the N as p, that would actually work. It's only one RSA key tho'. -- Peter Fairbrother - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

### Re: pubkeys for p and g

martin f krafft writes: My point was that some commercial vendors (Check Point and others) claim, that if two partners want to perform a DH key exchange, they may use their two public keys for g and p. This, in effect, would mean that g and p were not globally known, but that the public keys are used in their place. ... We are writing a book and simply want to have some backup. I am almost sure that Check Point is bullshitting (wouldn't be the first time), so unless anyone has actually heard of this possibility, I am going to write this down and influence a thousand people, basically claiming that Check Point is wrong. Do you have a reference to what exactly Check Point says about this? Maybe you are misunderstanding or misinterpreting them. If you could quote it here verbatim (or provide a link if it is online) we might be able to understand their claim better. It would be wise to make sure it is not a simple misunderstanding before you put something critical about them in your book. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

### Re: pubkeys for p and g

I'm not certain I understand your questions, but here are some answers (I think). In the DH protocol you have what we call public parameters, p and g. p is a large prime integer, which defines a group Z*p, g is a generator which defines a subgroup in Z*p. You can use fix values for p an g. Now, participants will choose private and public keys. The private key is simply chosen as a random number x, whose value is between 1 and p-1. The public key associated to x will be y = g^x mod p. Participants keep x secret and y is public. You can say that (y, g, p) is the public key, or simply say that y is the public key if g and p (the public parameters) are implicitly known. Participants can choose a different x and associated y on each execution of the protocol, or have long term private public key pairs. --Anton The Check Point Firewall-1 Docs insist, that the public keys be used for p and g for the Oakley key exchange. I ask you: is this possible? - which of the two pubkeys will be p, which g? - are they both always primes? - are they both always suitable generators mod p? It just seems to me that Check Point isn't entirely sure themselves here. I'd appreciate a short cleanup... To my knowledge, g and p are globally defined, either in DH Groups (which are nothing but pre-defined g's and p's, right?), or otherwise set constant. Am I wrong about this? Thanks. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

### DH: pubkeys for p and g

The Check Point Firewall-1 Docs insist, that the public keys be used for p and g for the Oakley key exchange. I ask you: is this possible? - which of the two pubkeys will be p, which g? - are they both always primes? - are they both always suitable generators mod p? It just seems to me that Check Point isn't entirely sure themselves here. I'd appreciate a short cleanup... To my knowledge, g and p are globally defined, either in DH Groups (which are nothing but pre-defined g's and p's, right?), or otherwise set constant. Am I wrong about this? Thanks. -- martin; (greetings from the heart of the sun.) \ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED] invalid PGP subkeys? use subkeys.pgp.net as keyserver! one should never do anything that one cannot talk about after dinner. -- oscar wilde pgp0.pgp Description: PGP signature