COM.claymoresystems.ptls
Class SSLDHPrivateKey
java.lang.Object
COM.claymoresystems.crypto.DHPrivateKey
COM.claymoresystems.ptls.SSLDHPrivateKey
- All Implemented Interfaces:
- java.io.Serializable, java.security.Key, java.security.PrivateKey
public class SSLDHPrivateKey
- extends DHPrivateKey
- See Also:
- Serialized Form
Fields inherited from interface java.security.PrivateKey
serialVersionUID
Method Summary
void initPrivateKey(java.math.BigInteger g_, java.math.BigInteger p_, java.security.SecureRandom rand_)
void initPrivateKey(java.security.SecureRandom rand_, int keylength, boolean sg)
Generate a DH private key.
byte[] keyAgree(DHPublicKey pub, boolean check)
Methods inherited from class COM.claymoresystems.crypto.DHPrivateKey
getAlgorithm, getEncoded, getFormat, getg, getgBytes, getInstance, getp, getpBytes, getX, getY, getYBytes, toBytes
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
SSLDHPrivateKey
public SSLDHPrivateKey()
initPrivateKey
public void initPrivateKey(java.math.BigInteger g_,
java.math.BigInteger p_,
java.security.SecureRandom rand_)
- Specified by:
initPrivateKey
in class DHPrivateKey
initPrivateKey
public void initPrivateKey(java.security.SecureRandom rand_,
int keylength,
boolean sg)
- Generate a DH private key.
We generate the parameters in one of two modes:
1. If sg is false, then we simply generate a large p
and check that it's a generator using the trick of
checking that p % 24 == 11 (from Phil Karn via OpenSSL).
2. If sg is true, then we generate Sophie Germain primes
according to the procedures of RFC 2412, except that our p
is chosen randomly rather than via pi.
The text from RFC 2412 describing the virtues of this procedure
follows:
The primes for groups 1 and 2 were selected to have certain
properties. The high order 64 bits are forced to 1. This helps the
classical remainder algorithm, because the trial quotient digit can
always be taken as the high order word of the dividend, possibly +1.
The low order 64 bits are forced to 1. This helps the Montgomery-
style remainder algorithms, because the multiplier digit can always
be taken to be the low order word of the dividend. The middle bits
are taken from the binary expansion of pi. This guarantees that they
are effectively random, while avoiding any suspicion that the primes
have secretly been selected to be weak.
Because both primes are based on pi, there is a large section of
overlap in the hexadecimal representations of the two primes. The
primes are chosen to be Sophie Germain primes (i.e., (P-1)/2 is also
prime), to have the maximum strength against the square-root attack
on the discrete logarithm problem.
The starting trial numbers were repeatedly incremented by 2^64 until
suitable primes were located.
Because these two primes are congruent to 7 (mod 8), 2 is a quadratic
residue of each prime. All powers of 2 will also be quadratic
residues. This prevents an opponent from learning the low order bit
of the Diffie-Hellman exponent (AKA the subgroup confinement
problem). Using 2 as a generator is efficient for some modular
exponentiation algorithms. [Note that 2 is technically not a
generator in the number theory sense, because it omits half of the
possible residues mod P. From a cryptographic viewpoint, this is a
virtue.]
- Specified by:
initPrivateKey
in class DHPrivateKey
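The two congruences named above, p % 24 == 11 and the p ≡ 7 (mod 8) property from the quoted RFC 2412 text, place the generator 2 in different subgroups. The following Java sketch is an added example, not PureTLS code: the class and method names are hypothetical, both primes are generated as safe primes (an assumption for mode 1, where the page says only "a large p"), and the 256-bit size is chosen only so the demo runs quickly.

```java
import java.math.BigInteger;
import java.security.SecureRandom;

// Added illustration; DhGroupCheck and its methods are hypothetical names, not PureTLS API.
public class DhGroupCheck {
    static final BigInteger ONE = BigInteger.ONE, TWO = BigInteger.valueOf(2);

    // Random safe prime p = 2q + 1 (q prime) with p % modulus == residue.
    static BigInteger safePrime(int bits, int modulus, int residue, SecureRandom rnd) {
        BigInteger m = BigInteger.valueOf(modulus), r = BigInteger.valueOf(residue);
        while (true) {
            BigInteger q = BigInteger.probablePrime(bits - 1, rnd);
            BigInteger p = q.shiftLeft(1).add(ONE);
            if (p.mod(m).equals(r) && p.isProbablePrime(64)) return p;
        }
    }

    // For a safe prime the order of 2 is q (2 is a quadratic residue) or 2q (it is not).
    // Euler's criterion decides: 2^q mod p is 1 for a residue and p - 1 otherwise.
    static boolean twoIsResidue(BigInteger p) {
        BigInteger q = p.subtract(ONE).shiftRight(1);
        return TWO.modPow(q, p).equals(ONE);
    }

    // The leak the RFC text mentions: y^q mod p equals (-1)^x when 2 has order 2q,
    // so a public value y = 2^x mod p reveals the parity of the secret exponent x.
    static boolean publicValueLeaksParity(BigInteger p, SecureRandom rnd) {
        BigInteger q = p.subtract(ONE).shiftRight(1);
        BigInteger even = new BigInteger(q.bitLength() - 1, rnd).clearBit(0);
        BigInteger odd = even.setBit(0);
        return !TWO.modPow(even, p).modPow(q, p).equals(TWO.modPow(odd, p).modPow(q, p));
    }

    public static void main(String[] args) {
        SecureRandom rnd = new SecureRandom();
        int bits = 256; // demo size only; real DH groups need far larger primes
        BigInteger pGen = safePrime(bits, 24, 11, rnd); // congruence from mode 1
        BigInteger pSub = safePrime(bits, 8, 7, rnd);   // property quoted from RFC 2412
        System.out.println("p % 24 == 11: 2 is residue = " + twoIsResidue(pGen)
                + ", parity leak = " + publicValueLeaksParity(pGen, rnd));
        System.out.println("p % 8  == 7 : 2 is residue = " + twoIsResidue(pSub)
                + ", parity leak = " + publicValueLeaksParity(pSub, rnd));
    }
}
```

With p % 24 == 11, 2 generates the whole group and the public value exposes the low-order bit of the exponent; with p ≡ 7 (mod 8), 2 stays in the prime-order subgroup and that bit is hidden.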
keyAgree
public byte[] keyAgree(DHPublicKey pub,
boolean check)
- Specified by:
keyAgree
in class DHPrivateKey
Copyright (c) 1999-2001 Claymore Systems, Inc., All Rights Reserved.