COM.claymoresystems.ptls
Class SSLDHPrivateKey

java.lang.Object
  extended by COM.claymoresystems.crypto.DHPrivateKey
      extended by COM.claymoresystems.ptls.SSLDHPrivateKey
All Implemented Interfaces:
java.io.Serializable, java.security.Key, java.security.PrivateKey

public class SSLDHPrivateKey
extends DHPrivateKey

See Also:
Serialized Form

Field Summary
 
Fields inherited from class COM.claymoresystems.crypto.DHPrivateKey
g, p, X, Y
 
Fields inherited from interface java.security.PrivateKey
serialVersionUID
 
Constructor Summary
SSLDHPrivateKey()
           
 
Method Summary
 void initPrivateKey(java.math.BigInteger g_, java.math.BigInteger p_, java.security.SecureRandom rand_)
           
 void initPrivateKey(java.security.SecureRandom rand_, int keylength, boolean sg)
          Generate a DH private key.
 byte[] keyAgree(DHPublicKey pub, boolean check)
           
 
Methods inherited from class COM.claymoresystems.crypto.DHPrivateKey
getAlgorithm, getEncoded, getFormat, getg, getgBytes, getInstance, getp, getpBytes, getX, getY, getYBytes, toBytes
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SSLDHPrivateKey

public SSLDHPrivateKey()
Method Detail

initPrivateKey

public void initPrivateKey(java.math.BigInteger g_,
                           java.math.BigInteger p_,
                           java.security.SecureRandom rand_)
Specified by:
initPrivateKey in class DHPrivateKey

initPrivateKey

public void initPrivateKey(java.security.SecureRandom rand_,
                           int keylength,
                           boolean sg)
Generate a DH private key. We generate the parameters in one of two modes: 1. If sg is false, then we simply generate a large p and check that it's a generator using the trick of checking the p % 24 == 11 (From Phil Karn via OpenSSL). 2. If sg is true, then we generate Sophie-Germain primes according to the procedures of RFC2412, except that our p is chosen randomly rather than via pi. The text from RFC2412 describing the virtues of this procedure follows: The primes for groups 1 and 2 were selected to have certain properties. The high order 64 bits are forced to 1. This helps the classical remainder algorithm, because the trial quotient digit can always be taken as the high order word of the dividend, possibly +1. The low order 64 bits are forced to 1. This helps the Montgomery- style remainder algorithms, because the multiplier digit can always be taken to be the low order word of the dividend. The middle bits are taken from the binary expansion of pi. This guarantees that they are effectively random, while avoiding any suspicion that the primes have secretly been selected to be weak. Because both primes are based on pi, there is a large section of overlap in the hexadecimal representations of the two primes. The primes are chosen to be Sophie Germain primes (i.e., (P-1)/2 is also prime), to have the maximum strength against the square-root attack on the discrete logarithm problem. The starting trial numbers were repeatedly incremented by 2^64 until suitable primes were located. Because these two primes are congruent to 7 (mod 8), 2 is a quadratic residue of each prime. All powers of 2 will also be quadratic residues. This prevents an opponent from learning the low order bit of the Diffie-Hellman exponent (AKA the subgroup confinement problem). Using 2 as a generator is efficient for some modular exponentiation algorithms. [Note that 2 is technically not a generator in the number theory sense, because it omits half of the possible residues mod P. From a cryptographic viewpoint, this is a virtue.]

Specified by:
initPrivateKey in class DHPrivateKey

keyAgree

public byte[] keyAgree(DHPublicKey pub,
                       boolean check)
Specified by:
keyAgree in class DHPrivateKey


Copyright (c) 1999-2001 Claymore Systems, Inc., All Rights Reserved.