Re: problem with key agreement

Jan Luehe (Jan.Luehe@Eng)
Fri, 30 Jan 1998 11:14:27 -0800 (PST)

Date: Fri, 30 Jan 1998 11:14:27 -0800 (PST)
From: Jan Luehe <Jan.Luehe@Eng>
Subject: Re: problem with key agreement
To: java-security@web1.javasoft.com, mac@tts.dowjones.com

John:

> Date: Fri, 30 Jan 1998 14:09:17 -0500
> From: john MacNeille <mac@tts.dowjones.com>
> Mime-Version: 1.0
> To: java-security@web1.javasoft.com
> Subject: problem with key agreement
>
> I am getting an InvalidKeyAgreement exception during phase 2 of
> the example in the JCE documentation. Is there a working example
> available?

The problem in your example is that Alice and Bob use different
DH parameters (they both generate random ones!).

This is why you get the following exception:

    Actions::generateSecret 5 java.security.InvalidKeyException: Incompatible parameters

(Note the "incompatible parameters"!)

The example in the JCE doc says that Bob uses the same parameters as
Alice:

// Meanwhile, Bob has created his own Diffie-Hellman key pair.
// He has initialized his key pair generator with the
// Diffie-Hellman parameters that he retrieved from Alice's
// public key.

> Also the KeyPairGenerator initialize call with 1024 never returns but
> does so with 16.

It will return eventually. Choosing a strong prime modulus "p" takes
most of the time!

You can speed up the key generation by using pre-generated
Diffie-Hellman parameters (e.g., the ones defined by SKIP).

Usually, the Diffie-Hellman parameters are defined by some
central authority (which generated them once only), and are
not generated on a per-connection basis.

Try to initialize both Alice's and Bob's DH KeyPairGenerator as
follows, and your key agreement will work.

Jan

============================================================


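import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import javax.crypto.spec.DHParameterSpec;

// Initialize the DH key pair generator with the fixed SKIP parameters
// (skip1024Modulus and skip1024Base are defined below).
DHParameterSpec dhParamSpec =
    new DHParameterSpec(skip1024Modulus, skip1024Base);
KeyPairGenerator kpairGen = KeyPairGenerator.getInstance("DH");
kpairGen.initialize(dhParamSpec);
KeyPair kpair = kpairGen.generateKeyPair();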

// The 1024 bit Diffie-Hellman modulus values used by SKIP
private static final byte[] skip1024ModulusBytes = {
(byte)0xF4, (byte)0x88, (byte)0xFD, (byte)0x58,
(byte)0x4E, (byte)0x49, (byte)0xDB, (byte)0xCD,
(byte)0x20, (byte)0xB4, (byte)0x9D, (byte)0xE4,
(byte)0x91, (byte)0x07, (byte)0x36, (byte)0x6B,
(byte)0x33, (byte)0x6C, (byte)0x38, (byte)0x0D,
(byte)0x45, (byte)0x1D, (byte)0x0F, (byte)0x7C,
(byte)0x88, (byte)0xB3, (byte)0x1C, (byte)0x7C,
(byte)0x5B, (byte)0x2D, (byte)0x8E, (byte)0xF6,
(byte)0xF3, (byte)0xC9, (byte)0x23, (byte)0xC0,
(byte)0x43, (byte)0xF0, (byte)0xA5, (byte)0x5B,
(byte)0x18, (byte)0x8D, (byte)0x8E, (byte)0xBB,
(byte)0x55, (byte)0x8C, (byte)0xB8, (byte)0x5D,
(byte)0x38, (byte)0xD3, (byte)0x34, (byte)0xFD,
(byte)0x7C, (byte)0x17, (byte)0x57, (byte)0x43,
(byte)0xA3, (byte)0x1D, (byte)0x18, (byte)0x6C,
(byte)0xDE, (byte)0x33, (byte)0x21, (byte)0x2C,
(byte)0xB5, (byte)0x2A, (byte)0xFF, (byte)0x3C,
(byte)0xE1, (byte)0xB1, (byte)0x29, (byte)0x40,
(byte)0x18, (byte)0x11, (byte)0x8D, (byte)0x7C,
(byte)0x84, (byte)0xA7, (byte)0x0A, (byte)0x72,
(byte)0xD6, (byte)0x86, (byte)0xC4, (byte)0x03,
(byte)0x19, (byte)0xC8, (byte)0x07, (byte)0x29,
(byte)0x7A, (byte)0xCA, (byte)0x95, (byte)0x0C,
(byte)0xD9, (byte)0x96, (byte)0x9F, (byte)0xAB,
(byte)0xD0, (byte)0x0A, (byte)0x50, (byte)0x9B,
(byte)0x02, (byte)0x46, (byte)0xD3, (byte)0x08,
(byte)0x3D, (byte)0x66, (byte)0xA4, (byte)0x5D,
(byte)0x41, (byte)0x9F, (byte)0x9C, (byte)0x7C,
(byte)0xBD, (byte)0x89, (byte)0x4B, (byte)0x22,
(byte)0x19, (byte)0x26, (byte)0xBA, (byte)0xAB,
(byte)0xA2, (byte)0x5E, (byte)0xC3, (byte)0x55,
(byte)0xE9, (byte)0x2F, (byte)0x78, (byte)0xC7
};

// The SKIP 1024 bit modulus
private static final BigInteger skip1024Modulus =
    new BigInteger(1, skip1024ModulusBytes);

// The base used with the SKIP 1024 bit modulus
private static final BigInteger skip1024Base = BigInteger.valueOf(2);
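
The point of the reply above, that both parties must build their key pairs from the same DH parameters, shown end to end as an added example (not code from the original message or from the JCE documentation). The class name, the 2048-bit size and the altered base used to construct the mismatch are assumptions of this example.

```java
import java.math.BigInteger;
import java.security.*;
import javax.crypto.KeyAgreement;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;

// Added example (hypothetical class name), not code from the original post.
public class DhSharedParamsDemo {
    // Generate a DH key pair over the given group parameters (p, g).
    static KeyPair newKeyPair(DHParameterSpec params) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("DH");
        gen.initialize(params);
        return gen.generateKeyPair();
    }

    // One party's side of the agreement: own private key plus the peer's public key.
    static byte[] agree(PrivateKey own, PublicKey peer) throws GeneralSecurityException {
        KeyAgreement ka = KeyAgreement.getInstance("DH");
        ka.init(own);
        ka.doPhase(peer, true); // InvalidKeyException if the peer key uses other p/g
        return ka.generateSecret();
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Alice's parameters; the 2048-bit size is an assumption of this example.
        KeyPairGenerator aliceGen = KeyPairGenerator.getInstance("DH");
        aliceGen.initialize(2048);
        KeyPair alice = aliceGen.generateKeyPair();
        DHParameterSpec shared = ((DHPublicKey) alice.getPublic()).getParams();

        // Correct: Bob reuses the parameters carried in Alice's public key.
        KeyPair bob = newKeyPair(shared);
        byte[] a = agree(alice.getPrivate(), bob.getPublic());
        byte[] b = agree(bob.getPrivate(), alice.getPublic());
        System.out.println("same parameters, secrets match: " + MessageDigest.isEqual(a, b));

        // Failure case: Bob's parameters differ from Alice's. The mismatch is
        // constructed by changing only the base g, which avoids a second prime search.
        DHParameterSpec other =
            new DHParameterSpec(shared.getP(), shared.getG().add(BigInteger.ONE));
        KeyPair bobOwn = newKeyPair(other);
        try {
            agree(alice.getPrivate(), bobOwn.getPublic());
            System.out.println("unexpected: agreement succeeded");
        } catch (InvalidKeyException e) {
            System.out.println("different parameters rejected: " + e.getMessage());
        }
    }
}
```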