[Botan-devel] DH public key generation

Jack Lloyd lloyd at randombit.net
Wed Oct 8 11:31:17 EDT 2008


On Wed, Oct 08, 2008 at 04:08:11PM +0100, rippel tippel wrote:

> I know that's because the AES-256 key length should be 32 bytes, but from
> Diffie-Hellman I get a 128-byte key.
> How can I decide to generate a 32-byte key from Diffie-Hellman exchange?
[...]

The right thing to do here is use a KDF or PRF. That will allow you to
generate any sized cipher key (or sequence of keys, for MACs, key
rollover, and using two sets of keys for each channel (one each
direction)).

A PRF that would be reasonable to use in this situation is the TLSv1
PRF.

-Jack



More information about the botan-devel mailing list