List: openssl-users
Subject: Re: How to implement DH algorithm using openSSL library?
From: Hemayamini Kurra <hemayaminikurra () email ! arizona ! edu>
Date: 2012-12-21 19:12:14
Message-ID: CALiXykWU_ZKU1d8jYhgwJ3HzbxapDYvkjLMgDjnF6GyRzm7i7g () mail ! gmail ! com
I also have a problem in sending the pub_key to peer. As I am using
DH_generate_parameters to generate prime and generator and DH_generate_key
for generating the public key, I have to send the prime, g and pub_key to
the peer. Is there any function to do this??
Thanks in advance.
Yamini.
On Fri, Dec 21, 2012 at 9:23 AM, Hemayamini Kurra <
hemayaminikurra@email.arizona.edu> wrote:
> Thanks Prashant!! This helped a lot!!
>
>
> On Thu, Dec 20, 2012 at 10:09 PM, Prashant Batra <prashant0100@gmail.com> wrote:
>
>> I have this function which I use to generate public-private key pair.
>>
>> - prime : depends on the dh group, you can find these values in DH rfc -
>> http://www.ietf.org/rfc/rfc3526.txt
>>
>> int32_t DHInterface::GeneratePublicPrivateKeyPair(uint8_t * pub_key, uint32_t * pub_key_length)
>> {
>>     char *errbuf;
>>
>>     dh = DH_new();
>>     if (dh == NULL)
>>         return -1;
>>
>>     /* Load the group prime from its big-endian byte string */
>>     if ((dh->p = BN_bin2bn((unsigned char *)prime->v, prime->l, NULL)) == NULL)
>>         return -1;
>>
>>     /* Generator g = 2 */
>>     if ((dh->g = BN_new()) == NULL)
>>         return -1;
>>     if (!BN_set_word(dh->g, 2))
>>         return -1;
>>
>>     /* Now generate public and private key */
>>     if (!DH_generate_key(dh))
>>     {
>>         errbuf = ERR_error_string(ERR_get_error(), NULL);
>>         printf("Error : %s", errbuf);
>>         return -1;
>>     }
>>
>>     /* Convert keys from BN into bytes */
>>     *pub_key_length = BN_bn2bin(dh->pub_key, (unsigned char *)(pub_key));
>>
>>     return 0;
>> }
>>
>> DH_generate_key would generate a private key, and then a corresponding
>> public key value. You need to send this public key value to your peer and
>> then expect a public key value from the peer.
>> Once you get the peer's public key, use the same "dh" object to calculate the
>> secret value, which I do in this way:
>>     /* Convert the peer's public key bytes into a BIGNUM */
>>     peer_pub_key = BN_bin2bn((unsigned char *)peer_public_key, key_length, NULL);
>>     if (peer_pub_key == NULL)
>>         return -1;
>>
>>     if ((secret_key_length = DH_compute_key((unsigned char *)temp, peer_pub_key, dh)) < 0)
>>     {
>>         errbuf = ERR_error_string(ERR_get_error(), NULL);
>>         printf("Error : %s", errbuf);
>>         return -1;
>>     }
>>     *secret_length = DH_size(dh);
>>
>>
>> I feel the variables would be self-explanatory.
>>
>>
>> On Fri, Dec 21, 2012 at 10:19 AM, Hemayamini Kurra <
>> hemayaminikurra@email.arizona.edu> wrote:
>>
>>> Hello!!
>>>
>>>
>>> I am trying to implement Diffie-Hellman Key exchange protocol between
>>> Client and server. I am using OpenSSL dh.h library for that. The problem is
>>> how to send the public key generated by DH_generate_key() function to
>>> client/server.
>>>
>>> My idea is to get the shared secret which I can use for further
>>> encryption of communication between client and server. I have followed the
>>> following steps
>>>
>>> 1. Generate the parameters using DH_generate_parameters()
>>> 2. DH_check() for checking the parameters generated.
>>> 3. Then to use DH_compute_key() I should be able to get the peer's
>>> public key. How can I get this?
>>>
>>> What is the private value DH_generate_key uses for generating public key?
>>>
>>> I didn't find any sample programs for this problem. It would be great if
>>> anyone could suggest some sample programs related to my above mentioned task!!
>>>
>>>
>>> Thanks and Regards,
>>> Yamini.
>>>
>>
>>
>>
>> --
>> Prashant Batra
>>
>>
>>
>
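
One way to frame the prime, generator and public key for the wire and to check the peer's value on receipt, as an added example that is not part of the original thread: each field is a 2-byte big-endian length followed by the big-endian bytes that BN_bn2bin() writes and BN_bin2bn() reads. The framing, `struct dh_field` and the function names are assumptions made for this example; the range check 1 < y < p - 1 is meant to run on the received public key before it reaches DH_compute_key().

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* One big-endian integer, as BN_bn2bin() writes it (hypothetical helper type). */
struct dh_field { const uint8_t *v; size_t l; };

/* Pack n fields as [2-byte length][bytes]; returns bytes written, 0 on error. */
size_t dh_pack(uint8_t *out, size_t cap, const struct dh_field *f, size_t n) {
    size_t off = 0;
    for (size_t i = 0; i < n; i++) {
        if (f[i].l == 0 || f[i].l > 0xFFFF || cap - off < 2 + f[i].l) return 0;
        out[off++] = (uint8_t)(f[i].l >> 8);
        out[off++] = (uint8_t)(f[i].l & 0xFF);
        memcpy(out + off, f[i].v, f[i].l);
        off += f[i].l;
    }
    return off;
}

/* Unpack exactly n fields; rejects truncation, empty fields, trailing bytes.
 * On success the fields point into the caller's receive buffer (no copy). */
int dh_unpack(const uint8_t *in, size_t len, struct dh_field *f, size_t n) {
    size_t off = 0;
    for (size_t i = 0; i < n; i++) {
        if (len - off < 2) return -1;
        f[i].l = ((size_t)in[off] << 8) | in[off + 1];
        f[i].v = in + off + 2;
        if (f[i].l == 0 || len - off - 2 < f[i].l) return -1;
        off += 2 + f[i].l;
    }
    return off == len ? 0 : -1;
}

/* Compare big-endian magnitudes, ignoring leading zero bytes. */
static int be_cmp(const uint8_t *a, size_t al, const uint8_t *b, size_t bl) {
    while (al && *a == 0) { a++; al--; }
    while (bl && *b == 0) { b++; bl--; }
    return al != bl ? (al < bl ? -1 : 1) : memcmp(a, b, al);
}

/* Returns 1 if 1 < y < p - 1 for odd p (at most 1024 bytes), else 0. */
int dh_pub_in_range(struct dh_field y, struct dh_field p) {
    uint8_t one = 1, pm1[1024];
    if (p.l == 0 || p.l > sizeof pm1 || !(p.v[p.l - 1] & 1)) return 0;
    memcpy(pm1, p.v, p.l);
    pm1[p.l - 1] &= 0xFE;   /* p odd: p - 1 just clears the low bit */
    return be_cmp(y.v, y.l, &one, 1) > 0 && be_cmp(y.v, y.l, pm1, p.l) < 0;
}
```

When both sides hard-code one of the RFC 3526 groups, as in the quoted reply, only the public key field needs to travel. The exchange is unauthenticated unless the public values are signed or otherwise bound to an identity.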
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org