[Botan-devel] Size of Diffie-Hellman public and private keys
lloyd at randombit.net
Mon Jun 27 12:20:46 EDT 2005
There are no fixed sizes, beyond what BigInt can hold (which is a very, very
large number), and what you are willing to tolerate in terms of speed. When you
create a Diffie-Hellman key, you specify the size in bits, and generally
speaking this can be whatever you like.
However, typically, instead of creating your own domain parameters, you will
use the built-in parameters (which are the IPsec DH primes). The ones included
in Botan are the 768, 1024, 1536, 2048, 3072, and 4096 bit groups.
So for example
will generate a 2048 bit Diffie-Hellman key using the 2048 bit IPsec prime, while
will generate a 1234 bit DH key using a newly generated parameter set.
Keep in mind that all parties must share the same DH group, so it is usually
simpler to use a known group type (since it provides an easy reference for
other implementations, as well as confidence that the prime wasn't specially
generated with the intention of baking in any weaknesses). Also, generating new
groups is slow, and typically using these randomly generated groups is slower
than using ones with special forms which are meant to help ease the
On Mon, Jun 27, 2005 at 05:29:52PM +0200, Ruben Quintero Lores wrote:
> Can you tell me the size of Diffie-Hellman public and private keys in
> Can I set it?
> Best regards
> botan-devel mailing list
> botan-devel at randombit.net
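
An added example, not part of the original post and not Botan code: the reply's point that a known group gives confidence the prime was not specially generated can be checked directly, because the IPsec primes are defined by a public formula over the digits of pi. The Python below rebuilds the 768-bit IPsec prime (RFC 2409, Oakley Group 1, chosen here only to keep the constant short) from that formula, compares it with the published constant, and runs an exchange in which both parties share the group. All function names are hypothetical.

```python
import secrets

# Published 768-bit IPsec prime (RFC 2409 section 6.1, Oakley Group 1).
RFC2409_GROUP1_HEX = """
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1
29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD
EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245
E485B576 625E7EC6 F44C42E9 A63A3620 FFFFFFFF FFFFFFFF
"""
GENERATOR = 2  # generator used with the Oakley MODP groups

def arctan_inv(x, scale):
    """Return ~scale * arctan(1/x) using the Gregory series on integers."""
    total = term = scale // x
    n, sign, x2 = 1, -1, x * x
    while term:
        term //= x2
        n += 2
        total += sign * (term // n)
        sign = -sign
    return total

def floor_pi_times_2_pow(bits, guard=64):
    """floor(pi * 2**bits); guard bits absorb the series' truncation error."""
    scale = 1 << (bits + guard)
    # Machin's formula: pi = 16*arctan(1/5) - 4*arctan(1/239)
    return (16 * arctan_inv(5, scale) - 4 * arctan_inv(239, scale)) >> guard

def derive_group1_prime():
    # RFC 2409: p = 2^768 - 2^704 - 1 + 2^64 * (floor(2^638 * pi) + 149686)
    return (1 << 768) - (1 << 704) - 1 + (1 << 64) * (floor_pi_times_2_pow(638) + 149686)

def published_group1_prime():
    return int("".join(RFC2409_GROUP1_HEX.split()), 16)

def dh_exchange(p, g=GENERATOR):
    """Both parties use the same (p, g); returns publics and each side's secret."""
    a = secrets.randbelow(p - 3) + 2  # private exponents in [2, p-2]
    b = secrets.randbelow(p - 3) + 2
    pub_a, pub_b = pow(g, a, p), pow(g, b, p)
    return pub_a, pub_b, pow(pub_b, a, p), pow(pub_a, b, p)

if __name__ == "__main__":
    p = derive_group1_prime()
    print("derived prime matches published constant:", p == published_group1_prime())
    pub_a, pub_b, s_a, s_b = dh_exchange(p)
    print("modulus bits:", p.bit_length(), "public value bits:", pub_a.bit_length())
    print("shared secrets agree:", s_a == s_b)
```

The public values are residues modulo the prime, so their size is bounded by the group size rather than set separately.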