|
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||
Interface to be implemented for supporting Diffie-Hellman public keys.
Attention: This is not a SUN implementation!
This class has been developed by IAIK according to the documentation publically available.
For SUN´s documentation of this class see
http://java.sun.com/security/JCE1.2/spec/apidoc/index.html
The Diffie Hellman algorithm constitutes a key-exchange (or key-agreement) algorithm where some entities communicate according to a predescribed protocol for generating a shared secret only known by them.
The Diffie Hellman algorithm has been the first public-key algorithm. It only can be used for key-agreement, but not for data encrypting and decrypting.
PKCS#3 describes a
method for implementing the Diffie Hellman key agreement where two entities use
general Diffie Hellman parameters (an odd prime p, an integer base
g satisfying 0 < g < p, and
optionally an integer l prescribing the length of the private value),
generated from some central authority (which may be an entity itself), to perform
two phases of the key agreement protocol:
x satisfying
0 < x < p-1. If the central authority has
prescribed the length l of the private value x,
it has to fulfill 2l-1 <= x < 2l. From
the private value, the public value y is created by doing
y = (gx)(mod p) with 0 < y < p.
Subsequently each entity sends the public value just created to the other entity
involved in the key agreement.
y' received from the other entity to
finally create the shared secret z from the own private value x:
z = (y'x)(mod p) with 0 < z < p.
There may be more than only two entities involved into a Diffie Hellman key agreement.
Any application wishing to be participated into a Diffie Hellman key agreement has to
instantiate the javax.crypto.KeyAgreement class and initialize it with
its DHPrivateKey for bringing in the required private information. A DH Hellman
private key maybe generated using a proper key pair generator, e.g.:
KeyPairGnerator dh_key_gen = KeyPairGenerator.getInstance("DH");
dh_key_gen.initialize(1024);
KeyPair dh_key_pair = dh_key_gen.generateKeyPair();
DHPrivateKey dh_priv_key = (DHPrivateKey)dh_key_pair.getPrivate();
KeyAgreement dh_key_agreement = KeyAgreement.getInstance("DH");
dh_key_agreement.init(dh_priv_key);
Each phase of a key agreement is performed by a call to the doPhase
method, supplied with some other entity´s public key or some intermediate
key resulting from the last phase. When calling doPhase, it has
to be specified whether to perform already the last phase of the key agreement
or not by setting the lastPhase parameter to true
or false:
dh_key_agreement.doPhase(dhPubKey_from_other_entity, true);Actually generating the shared secret is done by calling the
generateSecret method:
byte[] shared_secret = dh_key_agreemant.generateSecret();
DHKey,
DHPrivateKey,
KeyAgreement,
KeyPairGenerator| Fields inherited from interface java.security.PublicKey |
serialVersionUID |
| Method Summary | |
BigInteger |
getY()
Returns the public value y. |
| Methods inherited from interface javax.crypto.interfaces.DHKey |
getParams |
| Methods inherited from interface java.security.Key |
getAlgorithm, getEncoded, getFormat |
| Method Detail |
public BigInteger getY()
|
This Javadoc may contain text parts from Internet Standard specifications (RFC 2459, 3280, 3039, 2560, 1521, 821, 822, 2253, 1319, 1321, ,2630, 2631, 2268, 3058, 2984, 2104, 2144, 2040, 2311, 2279, see copyright note) and RSA Data Security Public-Key Cryptography Standards (PKCS#1,3,5,7,8,9,10,12, see copyright note). | ||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||
IAIK-JCE 3.1 with IAIK-JCE CC Core 3.1, (c) 1997-2004 IAIK