[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

*To*: iaik-ssl@iaik.tu-graz.ac.at*Subject*: [iaik-ssl] setDHParameter / DHParameterSpec / anyone got some primes?*From*: Erwin Bolwidt <ejb@tryllian.com>*Date*: Fri, 15 Oct 1999 14:39:27 +0200*Organization*: Tryllian*Sender*: iaik-ssl-owner@iaik.tu-graz.ac.at

Hello, When you use ephemeral DH with DSA certificates, you need to specify the DHParameterSpec with the call SSLServerContext.setDHParameter. If you don't, you get a NullPointerException with no further explanation. I think that: a) this could be documented better and b) a check for this situation in the SSL code that generates a meaningful exception would be warranted; a DH key exchange doesn't occur very often so the two-line check would not take too much time, relatively. I have another problem. Normally when generating a DH KeyPair with a a KeyPair generator, you just specify the number of bits you want. However, if you specify a DHParameterSpec, you need to supply a n-bit prime number. I haven't seen a prime generator in the API (and for DH, you don't need a random prime, just a big prime with some special properties). I have primes of 512 bits length and 2048 bits length. The demo source code only contains a 512-bit prime. Does anyone have 768-bit and 1024-bit Diffie-Hellman suitable primes? Regards, Erwin Bolwidt -- Mailinglist-archive at http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-ssl/maillist.html To unsubscribe send an email to listserv@iaik.tu-graz.ac.at with the folowing content: UNSUBSCRIBE iaik-ssl

- Prev by Date:
**Re: [iaik-ssl] SSL_RSA_WITH_NULL_MD5 iSaSiLk v3.0 beta2** - Next by Date:
**RE: [iaik-ssl] SSL_RSA_WITH_NULL_MD5 iSaSiLk v3.0 beta2** - Prev by thread:
**RE: [iaik-ssl] Verisign Global ID** - Next by thread:
**[iaik-ssl] SSL Handshake oddities** - Index(es):