[Philip.Hines@gd-ais.com: Using ECDH with OpenSSL]

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

[Philip.Hines@gd-ais.com: Using ECDH with OpenSSL]

Lutz Jaenicke-2
Forwarded to openssl-users
----- Forwarded message from "Hines, Philip D." <[hidden email]> -----

X-Original-To: [hidden email]
X-Original-To: [hidden email]
Delivered-To: [hidden email]
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Subject: Using ECDH with OpenSSL
Date: Thu, 1 Dec 2005 15:07:10 -0500
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Using ECDH with OpenSSL
Thread-Index: AcX2sq3cTLQcxnmIRW63jpbDtzdhQg==
From: "Hines, Philip D." <[hidden email]>
To: [hidden email]
X-OriginalArrivalTime: 01 Dec 2005 20:07:09.0811 (UTC) FILETIME=[CFA31430:01C5F6B2]
X-Spam-Status: No, hits=5.8 required=6.9 tests=BAYES_99,HTML_70_80,
        HTML_MESSAGE autolearn=no version=2.63
X-Spam-Level: *****
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on
        mnblin01.mnb.gd-ais.com
X-Virus-Scanned: by amavisd 0.1
X-Virus-Scanned: by amavisd 0.1

Can you give me any pointers on using ECDH (and ECDSA if possible) with
OpenSSL?  I have been trying to find documentation, but I just can't
find any, and the code is not commented so it is hard to tell what I
need to do to use it.

 

Thanks,

Philip Hines

 


----- End forwarded message -----

--
Lutz Jaenicke                             [hidden email]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: [Philip.Hines@gd-ais.com: Using ECDH with OpenSSL]

Nils Larsch
,,,
> Can you give me any pointers on using ECDH (and ECDSA if possible) with
> OpenSSL?  I have been trying to find documentation, but I just can't
> find any, and the code is not commented so it is hard to tell what I
> need to do to use it.

C api or command line ? In case of the former I've added some
doxygen comments to the head (but I seems to have forgotten
the ecdh code ... need to fix that) so it's not totally uncommented.

Cheers,
Nils
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: [Philip.Hines@gd-ais.com: Using ECDH with OpenSSL]

Nils Larsch
In reply to this post by Lutz Jaenicke-2
Hines, Philip D. wrote:

> Using the C API.  I am working on a plugin for GAIM which uses ECDH for
> establishing encrypted sessions.  I think I figured out most of
> it...right now I can make it work locally, but the public and private
> keys are in structures with many pointers and I am having trouble
> getting the serialization functions working.  I am trying to use:
>
> /* de- and encoding functions for SEC1 ECPrivateKey */
> EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len);
> int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out);
> /* de- and encoding functions for EC parameters */
> EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len);
> int i2d_ECParameters(EC_KEY *a, unsigned char **out);
> /* de- and encoding functions for EC public key
>  * (octet string, not DER -- hence 'o2i' and 'i2o') */
> EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len);
> int i2o_ECPublicKey(EC_KEY *a, unsigned char **out);
>
> Part of the problem is that I am just guessing at the usage since there
> aren't very descriptive comments.  I assume that once each side has
> their keys generated they can serialize them using i2o_ECPublicKey and
> then send them across.  Then I assume that the other side can use
> o2i_ECPublicKey to recreate the key object and use it in ECDH.  Is that
> right?

this only works if the other side already has a EC_KEY key object
with the correct ec parameters in it (the ec parameters are not
included in encoded public key o2i_ECPublicKey creates but are
required for decoding).
You might use d2i|i2d_PUBKEY instead as these functions create an
encoded x509 algorithm id object which already includes the necessary
parameters.

Cheers,
Nils
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]