Skip navigation links
iaik.security.ssl

Class KeyShare

An application that wants to use different than (or additional to) the default groups/KeyShareEntries may explicitly create a SupportedGroups and KeyShare entries and add the groups/KeyShareEntries that shall be supported. The following example creates SupportedGroups and KeyShare extensions for the TLS 1.3 recommended elliptic curve groups secp256r1 and x25519:
 // the extension list
 ExtensionList extensions = new ExtensionList();
 
 // SupportedGroups extension
 NamedGroup[] namedGroups = { 
      SupportedGroups.NC_PRIME_SECP256R1,
      SupportedGroups.NC_X25519 };
 SupportedGroups supportedGroups = new SupportedGroups(namedGroups);
 extensions.addExtension(supportedGroups);
 
 // KeyShare extension
  KeyShareEntry[] keyShareEntries = {
    new KeyShareEntry(SupportedEllipticCurves.NC_PRIME_SECP256R1),
    new KeyShareEntry(SupportedEllipticCurves.NC_X25519),
 };
 KeyShare keyShare = new KeyShare(keyShareEntries);
 extensions.addExtension(keyShare);
 
 // add extensions to SSLContext
 SSLContext sslContext = ...;
 sslContext.setExtensions(extensions);
 
Instead of explicitly creating the KeyShare extension you also can create the SupportedGroups extension only and then use method createKeyShare to let iSaSiLk create the KeyShare extension from the supported groups:
 KeyShare keyShare = KeyShare.createKeyShare(supportedGroups);
 
When using the default constructor of a SupportedGroups extension a SupportedGroups extension with the default groups -- if cryptographically supported -- secp256r1 ,secp384r1, secp521r1, ffdhe2048 and ffdhe3072 is created. However, when using the constructor of a KeyShare extension an empty KeyShare extension without any key share entries is created. Creating an empty KeyShare extension may be meaningful at the client side only to tell the server to respond with an HellyRetryRequest containing the group the server wants to use for the upcoming session. Using an empty KeyShare extension on the server side does not make any sense.
Version:
File Revision 56
See Also:
Extension, ExtensionList
Skip navigation links
This Javadoc may contain text parts from text parts from IETF Internet Standard specifications (see copyright note).

iSaSiLk 6.1, (c) 2002 IAIK, (c) 2003 - 2015 SIC