[botan-devel] Diffie-Hellman key exchange issue going to v1.10.0

Jack Lloyd lloyd at randombit.net
Fri Jun 24 13:26:58 EDT 2011


On Fri, Jun 24, 2011 at 09:13:26AM -0700, William K. Foster wrote:

> The DH_PublicKey class no longer has derive_key(), what is its replacement
> in v1.10.0 for DH key exchange?

What you're looking for is the class PK_Key_Agreement in pubkey.h
(this class also existed in 1.8 albeit with a slightly different
interface).

In 1.10 doc/examples/dh.cpp provides an example of using it.

I think what you want is something like:

void
CipherDH::exchangeSharedKey(const DH_PublicKey *serverPublicDHKey, string
&sharedKey)
{
  const DH_PrivateKey clientPrivateKey(rng(), serverPublicDHKey->get_domain());
...
  const PK_Key_Agreement key_agreement(clientPrivateKey, "Raw");

  const SymmetricKey sharedSymKey =
    key_agreement.derive_key(0, serverPublicDHKey->public_value());

}

string
CipherDH::computeSharedKey(const DH_PublicKey *clientPublicDHKey)
{
  // Member variable is: const Botan::DH_PrivateKey _privateDHKey;
  //  init:  _privateDHKey(rng(), DL_Group("modp/ietf/1024"))

  const PK_Key_Agreement key_agreement(clientPrivateKey, "Raw");

  const SymmetricKey sharedKey = key_agreement.derive_key(0, clientPrivateKey->public_value());

}

"Raw" means you're getting back the shared DH secret directly without
any hashing, since that was what you were getting before calling
derive_key on the class. If you are able, switch to using KDF2
instead. (This is one of the big reasons these functions were removed
from the keys, they were so obviously useful and yet were hardly ever
the right thing to use because they directly expose the primitives
without any padding or the like).

-Jack



More information about the botan-devel mailing list