3
votes

We implemented the Diffie-Hellman key exchange algorithm:

import javax.crypto.KeyAgreement;

// one KeyAgreement instance per exchange; the same variable is used throughout
KeyAgreement keyAgreement = KeyAgreement.getInstance("DH");

keyAgreement.init(myPrivateKey);
// doPhase(Key, boolean): in a two-party exchange the peer's public key is the last phase
keyAgreement.doPhase(otherPublicKey, true);

Now we need to generate a secret to use for AES encryption. There is a method generateSecret(String algorithm). I think I should call it with the 'AES' argument.

But for DH I use 512-bit public keys, so the secret should be 512 bits long too. But AES allows 256-bit keys at most. The plain generateSecret() method without parameters returns a 512-bit DH secret. But what does generateSecret(String) do? How does it transform the 512-bit secret into a 256/128-bit AES key?

2
DH needs keys that are about as long as RSA keys. Hence use keys that are at least 1024 bits long. From the generated DH secret generate an AES key by using a hash function, for example SHA-256. - abc

2 Answers

4
votes

Diffie-Hellman is a key agreement protocol; AES is a symmetric encryption algorithm.

The no-argument generateSecret() call provides a key of the default size for the key agreement algorithm. Passing the algorithm name to generateSecret will give you a key with the appropriate size for your algorithm (i.e. shortened to 256 bits for AES).

I found a page that shows an example.

http://www.exampledepot.com/egs/javax.crypto/KeyAgree.html

I would expect you can just replace "DES" in the example with "AES" or whatever symmetric key algorithm you'd like to use.
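The following is an added example, not code from the question or from either answer, showing the approach abc's comment recommends for the question's situation: run the DH exchange with a 2048-bit group, take the raw shared secret from the no-argument generateSecret(), and derive the AES key by hashing it with SHA-256 instead of relying on the algorithm-name overload discussed in the answer above. The class name DhAesExample, the Party helper, the message text and the 2048-bit key size are this example's own choices. The exchange is unauthenticated: in a real protocol each side's public key must be authenticated (for example, signed), or an active attacker can substitute their own.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class DhAesExample {

    /** One party of the exchange (hypothetical helper, not part of the JCE API). */
    static final class Party {
        final KeyPair keyPair;

        Party(KeyPairGenerator kpg) {
            this.keyPair = kpg.generateKeyPair();
        }

        /** X.509 SubjectPublicKeyInfo encoding: the only thing sent to the peer. */
        byte[] publicKeyBytes() {
            return keyPair.getPublic().getEncoded();
        }

        /** Agree on the raw DH secret with the peer's public key and derive an AES-256 key. */
        SecretKey deriveAesKey(byte[] peerPublicKeyEncoded) throws Exception {
            PublicKey peerPub = KeyFactory.getInstance("DH")
                    .generatePublic(new X509EncodedKeySpec(peerPublicKeyEncoded));
            KeyAgreement ka = KeyAgreement.getInstance("DH");
            ka.init(keyPair.getPrivate());
            ka.doPhase(peerPub, true);                 // two parties: this is the last phase
            byte[] sharedSecret = ka.generateSecret(); // raw g^(ab) mod p, as long as the modulus
            try {
                // Key derivation as in abc's comment: hash the raw secret, never use it directly.
                byte[] keyBytes = MessageDigest.getInstance("SHA-256").digest(sharedSecret);
                return new SecretKeySpec(keyBytes, "AES"); // 32 bytes, i.e. AES-256
            } finally {
                Arrays.fill(sharedSecret, (byte) 0);       // do not leave the raw secret around
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Alice generates 2048-bit DH parameters; Bob must use the same p and g.
        KeyPairGenerator aliceGen = KeyPairGenerator.getInstance("DH");
        aliceGen.initialize(2048);
        Party alice = new Party(aliceGen);

        DHParameterSpec params = ((DHPublicKey) alice.keyPair.getPublic()).getParams();
        KeyPairGenerator bobGen = KeyPairGenerator.getInstance("DH");
        bobGen.initialize(params);
        Party bob = new Party(bobGen);

        // Each side derives the key from the other side's public key; both must match.
        SecretKey aliceKey = alice.deriveAesKey(bob.publicKeyBytes());
        SecretKey bobKey = bob.deriveAesKey(alice.publicKeyBytes());
        if (!Arrays.equals(aliceKey.getEncoded(), bobKey.getEncoded())) {
            throw new IllegalStateException("derived keys differ");
        }
        System.out.println("AES key length: " + aliceKey.getEncoded().length * 8 + " bits");

        // Use the agreed key with AES-GCM (authenticated encryption); fresh 12-byte nonce per message.
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, aliceKey, new GCMParameterSpec(128, nonce));
        byte[] ciphertext = enc.doFinal("hello from Alice".getBytes(StandardCharsets.UTF_8));

        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, bobKey, new GCMParameterSpec(128, nonce));
        System.out.println(new String(dec.doFinal(ciphertext), StandardCharsets.UTF_8));
    }
}
```

Hashing the whole secret gives a fixed-size key regardless of the DH modulus size, which is why the 512-versus-256-bit mismatch from the question never arises. A proper KDF such as HKDF (hash the secret with a salt and a context/info string) is the better choice when one is available; plain SHA-256 is shown here because that is what the comment suggests and it needs nothing beyond the JDK. For a 128-bit key, take the first 16 bytes of the digest on both sides rather than asking the key agreement to truncate for you.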

0
votes

This method just truncates generateSecret().