[Botan-devel] DH public key generation

rippel tippel rippeltippel at gmail.com
Wed Oct 8 11:08:11 EDT 2008

Thank you Jack,

   now I can generate the same shared key on both Alice and Bob.

Now I would like to use it as a key for AES-256 but I get the following

"Botan: AES-256 cannot accept a key of length 128"

I know that's because the AES-256 key length should be 32 bytes, but from
Diffie-Hellman I get a 128-byte key.
How can I decide to generate a 32-byte key from Diffie-Hellman exchange?

Here is how I am currently generating keys (main steps):

// Generate key pair
DH_PrivateKey alice_private(DL_Group("modp/ietf/1024"));
DH_PublicKey alice_public = alice_private;

// Save the public key as X.509
ofstream alice_pubkey("alice_pubkey.pem");
alice_pubkey << X509::PEM_encode(public_client);

// Public keys exchange
ofstream bob_pubkey("bob_pubkey.pem");

// Derive the shared key
X509_PublicKey *x509_key = X509::load_key("bob_pubkey.pem");
DH_PublicKey *bob_public = dynamic_cast<DH_PublicKey *>(x509_key);
shared_key = private_client.derive_key(*bob_public);

// Receive Alice's public key
ofstream alice_pubkey("alice_pubkey.pem");

// Generate key pair
X509_PublicKey *x509_key = X509::load_key("alice_pubkey.pem");
DH_PublicKey *alice_public = dynamic_cast<DH_PublicKey *>(x509_key);
DH_PrivateKey bob_private(alice_public->get_domain());
DH_PublicKey bob_public = bob_private;

// Send public key to Alice
ofstream server_key("bob_server.pem");
server_key << X509::PEM_encode(bob_public);

// Derive the shared key
shared_key = bob_private.derive_key(*alice_public);

I saw in the source code that a derive_key(const byte w[], u32bit w_len)
function exists: shall I use this one, copying the public key bytes into a
byte array? Do you think that would be safe? (is it going to "safely" use
the memory?)

Thank you,

On Tue, Oct 7, 2008 at 5:03 PM, Jack Lloyd <lloyd at randombit.net> wrote:

> On Tue, Oct 07, 2008 at 04:47:05PM +0100, rippel tippel wrote:
> > When I print the two keys, they are exactly the same.
> > I also tried to use two separate print_key() functions, one for
> > DH_PublickKey and another one for DH_PrivateKey, but the result is still
> the
> > same.
> > If the print_key() function is correct, in a DH key exchange Alice would
> > send its private key to Bob!
> In all cases you call public_value(). That returns the public key. It
> doesn't matter if the key is a DH public or private key, because in
> both cases the public key is the same thing.
> > Another problem that I have with DH key exchange is that, when Bob
> receives
> > Alice's (public?) key, I have a segfault.
> > I am sending the key using an UDP socket:
> >
> > ALICE:
> > DH_PrivateKey alice_private(DL_Group("modp/ietf/1024"));
> > DH_PublicKey alice_public = alice_private;
> > sendto(skt, (DH_PublicKey*)&alice_public, sizeof(DH_PublicKey), 0,
> (struct
> > sockaddr*)&udp_bob_addr, len);
> >
> > BOB:
> > recvfrom(skt, (DH_PublicKey*)&alice_public, sizeof(DH_PublicKey), 0,
> (struct
> > sockaddr*)&udp_alice_addr, (socklen_t*)&len);
> > DH_PrivateKey bob_private(alice_public.get_domain());   // <--
> > DH_PublicKey bob_public = bob_private;
> >
> > What's wrong with that?
> Generally speaking passing C++ objects directly across the network
> does not work terribly well, even if the machines are homogenous.  You
> can encode public keys as X.509 subjectPublicKeyInfo structures, this
> is how most programs handle import/export of raw (non-cert) public
> keys, it is a standard format and works across most public key
> algorithms.
> Regards,
>  Jack
> _______________________________________________
> botan-devel mailing list
> botan-devel at randombit.net
> http://lists.randombit.net/mailman/listinfo/botan-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/botan-devel/attachments/20081008/f6ba9b0d/attachment.html>

More information about the botan-devel mailing list