
[iaik-ssl] setDHParameter / DHParameterSpec / anyone got some primes?



Hello,

When you use ephemeral DH with DSA certificates, you need to specify the
DHParameterSpec with the call SSLServerContext.setDHParameter. If you
don't, you get a NullPointerException with no further explanation.

I think that:

a) this could be documented better and
b) a check for this situation in the SSL code that generates a
meaningful exception would be warranted; a DH key exchange doesn't occur
very often so the two-line check would not take too much time,
relatively.

I have another problem. Normally when generating a DH KeyPair with a
KeyPair generator, you just specify the number of bits you want.
However, if you specify a DHParameterSpec, you need to supply an n-bit
prime number.

I haven't seen a prime generator in the API (and for DH, you don't need
a random prime, just a big prime with some special properties).

I have primes of 512 bits length and 2048 bits length. The demo source
code only contains a 512-bit prime. Does anyone have 768-bit and
1024-bit Diffie-Hellman suitable primes?

Regards,
  Erwin Bolwidt
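
An added example, not part of the original post and not IAIK code: one way to obtain 768-bit and 1024-bit DH parameters with the standard JCA `AlgorithmParameterGenerator`, together with the kind of explicit check the post asks for in place of a bare NullPointerException. It assumes an installed provider that supports "DH" parameter generation; the class and method names (`DhParamExample`, `generate`, `require`, `agree`) are hypothetical.

```java
import java.math.BigInteger;
import java.security.*;
import java.util.Arrays;
import javax.crypto.KeyAgreement;
import javax.crypto.spec.DHParameterSpec;

public class DhParamExample {            // hypothetical class name
    // Generate (p, g) of the requested size with the standard JCA generator.
    static DHParameterSpec generate(int bits) throws GeneralSecurityException {
        AlgorithmParameterGenerator gen = AlgorithmParameterGenerator.getInstance("DH");
        gen.init(bits, new SecureRandom());
        return gen.generateParameters().getParameterSpec(DHParameterSpec.class);
    }

    // The kind of guard the post asks for: fail with a clear message, not an NPE.
    static DHParameterSpec require(DHParameterSpec spec, int bits) {
        if (spec == null)
            throw new IllegalStateException("ephemeral DH selected but no DHParameterSpec set");
        BigInteger p = spec.getP(), g = spec.getG();
        if (p.bitLength() != bits || !p.isProbablePrime(64))
            throw new IllegalArgumentException("p is not a " + bits + "-bit prime");
        if (g.compareTo(BigInteger.ONE) <= 0 || g.compareTo(p.subtract(BigInteger.ONE)) >= 0)
            throw new IllegalArgumentException("generator g must satisfy 1 < g < p-1");
        return spec;
    }

    // Run one DH exchange with the parameters to show both sides derive the same secret.
    static boolean agree(DHParameterSpec spec) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
        kpg.initialize(spec);
        KeyPair a = kpg.generateKeyPair(), b = kpg.generateKeyPair();
        KeyAgreement ka = KeyAgreement.getInstance("DH");
        ka.init(a.getPrivate());
        ka.doPhase(b.getPublic(), true);
        KeyAgreement kb = KeyAgreement.getInstance("DH");
        kb.init(b.getPrivate());
        kb.doPhase(a.getPublic(), true);
        return Arrays.equals(ka.generateSecret(), kb.generateSecret());
    }

    public static void main(String[] args) throws Exception {
        for (int bits : new int[] {768, 1024}) {   // the sizes asked for in the post
            DHParameterSpec spec = require(generate(bits), bits);
            System.out.println(bits + "-bit p = " + spec.getP().toString(16));
            System.out.println("g = " + spec.getG().toString(16) + ", agreement ok: " + agree(spec));
        }
    }
}
```

The resulting `DHParameterSpec` is the object the post says to hand to `SSLServerContext.setDHParameter`. The sizes match the question; DH groups of 1024 bits and below are no longer considered adequate for new deployments.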

