Validating diffie hellman public private keys
Elliptic curve Diffie–Hellman (ECDH) is an anonymous key agreement protocol that allows two parties, each having an elliptic curve public–private key pair, to establish a shared secret over an insecure channel.
This shared secret may be directly used as a key, or to derive another key.
The key, or the derived key, can then be used to encrypt subsequent communications using a symmetric key cipher.
It is a variant of the Diffie–Hellman protocol using elliptic curve cryptography.
Acknowledgement Funding for the RFC Editor function is currently provided by the Internet Society.
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
There are several ways to provide these additional measures (e.g.
The method includes obtaining the public key, and verifying, by the computing device, that the obtained public key is a point on an elliptic curve defined over a finite field, the... In key transport protocols a Correspondent A may inadvertently send its symmetric key to the wrong party.
This worries me that people are using this code as a template for building real ECDHE key agreement, when it was only intended as a guide to the Java API.
There are a of details in safe construction of such a protocol.
The following example will illustrate how a key establishment is made.
Suppose Alice wants to establish a shared key with Bob, but the only channel available for them may be eavesdropped by a third party. The only information about her private key that Alice initially exposes is her public key.
Update 2 (17th May, 2017): I’ve written some notes on correctly validating ECDH public keys.