[Botan-devel] DH public key generation

Jack Lloyd lloyd at randombit.net
Tue Oct 7 10:42:14 EDT 2008

On Tue, Oct 07, 2008 at 12:01:04PM +0100, rippel tippel wrote:
> Hi all,
>    I was looking at the dh.cpp example and I noticed that Alice is sending
> to Bob its own private key, instead of generating a proper public key. Then
> Bob does the same.

That is not the case. In Botan private keys 'slice' to the
corresponding public key. (In retrospect this was not a good design
decision, but that is how the object hierarchy was originally

> I think this is wrong (ok it's just an example) but how can I generate a
> different DH_PublicKey from DH_PrivateKey, so that only the public key is
> sent to Bob?

All you need to do is any of the following to get the public key:

DH_PublicKey my_public_key = my_private_key;
std::string my_public_key_str = X509::PEM_encode(my_private_key);
SecureVector<byte> my_public_key_bits = my_private_key.public_value();

The DH_PublicKey can only represent the public value (it doesn't even
have fields where it could store the others), and so if it is
serialized only the public value will be contained.

> Another question: referring to the DH key exchange described on Wikipedia (
> http://en.wikipedia.org/wiki/Diffie-Hellman), the private key should be 'a'
> for Alice and 'b' for Bob, while the public key is 'g, p, A' for Alice and
> 'B' for Bob. Is that correct also for Botan?

Yes. Here g and p are in the DL_Group passed to the DH_PrivateKey
constructor. DL_Group's "modp/ietf/1024" means the second Oakley MODP
group, specified in the IKE specification (RFC 2409). All the Oakley
primes are of the form

2^n - 2^(n-64) - 1 + (2^64 * ((2^(n-130) * pi) + C))

(where C is the first positive integer that causes the number to be a
prime). In each case (so far) the generator is 2.

What Wikipedia calls A and B are here public_a and public_b (or to be
precise, public_a.public_value() and public_b.public_value()).
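
The arithmetic described in this message, as an added Python example that is not part of the original post and is not Botan code: it builds the 1024-bit prime from the formula above and models a private key whose public object carries only p, g and the public value. The constant C = 129093 is the one RFC 2409 gives for this group; the class and function names and the range check on the peer's value are assumptions made for the illustration.

```python
import secrets
from dataclasses import dataclass

def floor_pi_times_2pow(k, guard=64):
    """floor(pi * 2**k), from Machin's formula in fixed-point integer arithmetic."""
    scale = 1 << (k + guard)              # guard bits absorb truncation error
    def atan_inv(x):                      # arctan(1/x) * scale
        term = total = scale // x
        n, sign = 3, -1
        while term:
            term //= x * x
            total += sign * (term // n)
            n, sign = n + 2, -sign
        return total
    return (16 * atan_inv(5) - 4 * atan_inv(239)) >> guard

def oakley_prime(n, c):
    # 2^n - 2^(n-64) - 1 + 2^64 * (floor(2^(n-130) * pi) + C)
    return 2**n - 2**(n - 64) - 1 + 2**64 * (floor_pi_times_2pow(n - 130) + c)

def fermat_check(p, base=3):
    # Quick sanity check only (a probable-prime test, not a proof).
    return pow(base, p - 1, p) == 1

P = oakley_prime(1024, 129093)   # C for the second Oakley group, per RFC 2409
G = 2

@dataclass(frozen=True)
class DHPublic:
    """Group parameters plus public value; there is no field for the secret."""
    p: int
    g: int
    y: int

class DHPrivate:
    def __init__(self, p=P, g=G):
        self.p, self.g = p, g
        self.x = secrets.randbelow(p - 3) + 2          # secret exponent (a or b)

    def public_key(self):
        return DHPublic(self.p, self.g, pow(self.g, self.x, self.p))

    def derive(self, peer_y):
        if not 1 < peer_y < self.p - 1:                # reject 0, 1 and p-1
            raise ValueError("peer public value out of range")
        return pow(peer_y, self.x, self.p)

if __name__ == "__main__":
    alice, bob = DHPrivate(), DHPrivate()
    A, B = alice.public_key(), bob.public_key()        # only these are sent
    print(fermat_check(P), alice.derive(B.y) == bob.derive(A.y))
```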

