Problem with DH key derivation

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Problem with DH key derivation

Josh Shamir
Dear all,

I am trying DH key derivation by using OpenSSL commands. However, I got the following problem:

"140343063295640:error:0609B099:digital envelope routines:EVP_PKEY_derive_set_peer:different parameters:pmeth_fn.c:314:
Public Key operation error
140343063295640:error:0507006C:Diffie-Hellman routines:PKEY_DH_DERIVE:keys not set:dh_pmeth.c:436:"

Please find below the logs of the whole execution.

Thanks in advance.

Josh


$openssl dhparam -out dhparams.pem -2 1024
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
............................+...............................+...............................................................+.........................+.....................+...+....................+...................................+.....................................................................................................................+......................................................+........+..............................+...................+........................+...................+...........+.................................+..................................+.....+........................+.........................................................................................................................................+.................+.........................................................................+................................................+...........................................+.............................................+...........................................+........................+.....................................................................................................................................+.......+..........+.........+.....................................................................................+..........+..................+........................................................................+..................................................+.................+............+..........+.........+...............................+.+..........................................................+...........+....................................+...........................................................................................................................+..........+............................................+...................................................................................+...............................+...........................................+.................+....................+.................................................................+........................................................+....+........................................................................................+....++*++*++*

$ openssl dhparam -in dhparams.pem -text
    DH Parameters: (1024 bit)
        prime:
            00:b1:c7:28:66:0a:4d:05:3d:91:ce:76:ee:4a:b4:
            14:2b:f2:32:2c:ef:7a:66:33:40:a0:a8:e9:8b:97:
            82:7f:23:b2:23:6c:a5:47:8a:dc:41:d0:e3:c9:f6:
            4f:a9:a6:de:b1:9e:8e:23:e9:6e:5d:fa:6a:50:98:
            a9:f0:6b:72:15:1f:0a:77:a7:77:5e:cb:a0:67:8b:
            d7:a0:e6:99:4c:9d:e2:e4:8f:cf:1f:20:f4:25:00:
            a5:63:78:b8:18:06:4f:f4:c8:56:58:9f:81:a2:58:
            00:9e:57:33:77:83:cd:6b:19:d3:f1:08:c2:08:28:
            c1:72:99:63:bb:92:e3:34:63
        generator: 2 (0x2)
-----BEGIN DH PARAMETERS-----
MIGHAoGBALHHKGYKTQU9kc527kq0FCvyMizvemYzQKCo6YuXgn8jsiNspUeK3EHQ
48n2T6mm3rGejiPpbl36alCYqfBrchUfCnend17LoGeL16DmmUyd4uSPzx8g9CUA
pWN4uBgGT/TIVlifgaJYAJ5XM3eDzWsZ0/EIwggowXKZY7uS4zRjAgEC
-----END DH PARAMETERS-----

$ openssl genpkey -paramfile dhparams.pem -out dhkeyD.pem

$ openssl pkey -in dhkeyD.pem -text
-----BEGIN PRIVATE KEY-----
MIIBIQIBADCBlQYJKoZIhvcNAQMBMIGHAoGBALHHKGYKTQU9kc527kq0FCvyMizv
emYzQKCo6YuXgn8jsiNspUeK3EHQ48n2T6mm3rGejiPpbl36alCYqfBrchUfCnen
d17LoGeL16DmmUyd4uSPzx8g9CUApWN4uBgGT/TIVlifgaJYAJ5XM3eDzWsZ0/EI
wggowXKZY7uS4zRjAgECBIGDAoGARFU/WSRjg29qYlKybN303REnpra0s/DAeHpt
ET4sggJBZqd1q6zaymTBhn9Ox9HDxME/CucKZSrKDUJGlWSLvhwM4sBZIikhzUOs
WRAobTkEwP/Fiyq7QJi3vq1lfYZaSATHvccAQDuROC38Km3dkIjb6g4U5vUzxbo0
ATC7pIw=
-----END PRIVATE KEY-----
DH Private-Key: (1024 bit)
    private-key:
        44:55:3f:59:24:63:83:6f:6a:62:52:b2:6c:dd:f4:
        dd:11:27:a6:b6:b4:b3:f0:c0:78:7a:6d:11:3e:2c:
        82:02:41:66:a7:75:ab:ac:da:ca:64:c1:86:7f:4e:
        c7:d1:c3:c4:c1:3f:0a:e7:0a:65:2a:ca:0d:42:46:
        95:64:8b:be:1c:0c:e2:c0:59:22:29:21:cd:43:ac:
        59:10:28:6d:39:04:c0:ff:c5:8b:2a:bb:40:98:b7:
        be:ad:65:7d:86:5a:48:04:c7:bd:c7:00:40:3b:91:
        38:2d:fc:2a:6d:dd:90:88:db:ea:0e:14:e6:f5:33:
        c5:ba:34:01:30:bb:a4:8c
    public-key:
        55:10:23:26:8c:2b:15:8f:e1:d7:28:48:ad:a9:c8:
        53:19:34:b8:7f:ed:c5:f1:e7:b6:e2:cd:b2:08:d8:
        0c:71:7b:68:fd:8c:1a:85:92:31:c0:45:7f:3b:cf:
        33:a6:67:21:cf:1b:71:30:a5:d9:f4:cf:de:e5:52:
        0e:d7:dd:52:2a:ae:fc:e2:79:20:64:34:76:0a:92:
        90:c2:90:75:aa:2c:f7:58:19:40:cd:ed:d5:dd:7f:
        9e:90:36:fa:dc:83:c8:e5:41:89:3e:8c:f7:87:86:
        3b:a6:98:01:82:ed:b7:36:24:84:b8:32:63:8f:13:
        4b:b3:96:79:d0:80:30:09
    prime:
        00:b1:c7:28:66:0a:4d:05:3d:91:ce:76:ee:4a:b4:
        14:2b:f2:32:2c:ef:7a:66:33:40:a0:a8:e9:8b:97:
        82:7f:23:b2:23:6c:a5:47:8a:dc:41:d0:e3:c9:f6:
        4f:a9:a6:de:b1:9e:8e:23:e9:6e:5d:fa:6a:50:98:
        a9:f0:6b:72:15:1f:0a:77:a7:77:5e:cb:a0:67:8b:
        d7:a0:e6:99:4c:9d:e2:e4:8f:cf:1f:20:f4:25:00:
        a5:63:78:b8:18:06:4f:f4:c8:56:58:9f:81:a2:58:
        00:9e:57:33:77:83:cd:6b:19:d3:f1:08:c2:08:28:
        c1:72:99:63:bb:92:e3:34:63
    generator: 2 (0x2)

$ openssl pkey -in dhkeyD.pem -pubout -out dhpubD.pem
$ openssl pkey -pubin -in dhpubD.pem -text
-----BEGIN PUBLIC KEY-----
MIIBHzCBlQYJKoZIhvcNAQMBMIGHAoGBALHHKGYKTQU9kc527kq0FCvyMizvemYz
QKCo6YuXgn8jsiNspUeK3EHQ48n2T6mm3rGejiPpbl36alCYqfBrchUfCnend17L
oGeL16DmmUyd4uSPzx8g9CUApWN4uBgGT/TIVlifgaJYAJ5XM3eDzWsZ0/EIwggo
wXKZY7uS4zRjAgECA4GEAAKBgFUQIyaMKxWP4dcoSK2pyFMZNLh/7cXx57bizbII
2Axxe2j9jBqFkjHARX87zzOmZyHPG3Ewpdn0z97lUg7X3VIqrvzieSBkNHYKkpDC
kHWqLPdYGUDN7dXdf56QNvrcg8jlQYk+jPeHhjummAGC7bc2JIS4MmOPE0uzlnnQ
gDAJ
-----END PUBLIC KEY-----
DH Public-Key: (1024 bit)
    public-key:
        55:10:23:26:8c:2b:15:8f:e1:d7:28:48:ad:a9:c8:
        53:19:34:b8:7f:ed:c5:f1:e7:b6:e2:cd:b2:08:d8:
        0c:71:7b:68:fd:8c:1a:85:92:31:c0:45:7f:3b:cf:
        33:a6:67:21:cf:1b:71:30:a5:d9:f4:cf:de:e5:52:
        0e:d7:dd:52:2a:ae:fc:e2:79:20:64:34:76:0a:92:
        90:c2:90:75:aa:2c:f7:58:19:40:cd:ed:d5:dd:7f:
        9e:90:36:fa:dc:83:c8:e5:41:89:3e:8c:f7:87:86:
        3b:a6:98:01:82:ed:b7:36:24:84:b8:32:63:8f:13:
        4b:b3:96:79:d0:80:30:09
    prime:
        00:b1:c7:28:66:0a:4d:05:3d:91:ce:76:ee:4a:b4:
        14:2b:f2:32:2c:ef:7a:66:33:40:a0:a8:e9:8b:97:
        82:7f:23:b2:23:6c:a5:47:8a:dc:41:d0:e3:c9:f6:
        4f:a9:a6:de:b1:9e:8e:23:e9:6e:5d:fa:6a:50:98:
        a9:f0:6b:72:15:1f:0a:77:a7:77:5e:cb:a0:67:8b:
        d7:a0:e6:99:4c:9d:e2:e4:8f:cf:1f:20:f4:25:00:
        a5:63:78:b8:18:06:4f:f4:c8:56:58:9f:81:a2:58:
        00:9e:57:33:77:83:cd:6b:19:d3:f1:08:c2:08:28:
        c1:72:99:63:bb:92:e3:34:63
    generator: 2 (0x2)

$ openssl pkeyutl -derive -inkey dhkeyD.pem -peerkey dhpubm.pem -out segreto1.bin
140343063295640:error:0609B099:digital envelope routines:EVP_PKEY_derive_set_peer:different parameters:pmeth_fn.c:314:
Public Key operation error
140343063295640:error:0507006C:Diffie-Hellman routines:PKEY_DH_DERIVE:keys not set:dh_pmeth.c:436:
$




--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Problem with DH key derivation

Matt Caswell-2


On 28/04/17 08:07, Josh Shamir wrote:

> Dear all,
>
> I am trying DH key derivation by using OpenSSL commands. However, I got
> the following problem:
>
> "140343063295640:error:0609B099:digital envelope
> routines:EVP_PKEY_derive_set_peer:different parameters:pmeth_fn.c:314:
> Public Key operation error
> 140343063295640:error:0507006C:Diffie-Hellman
> routines:PKEY_DH_DERIVE:keys not set:dh_pmeth.c:436:"

...

> $ openssl pkeyutl -derive -inkey dhkeyD.pem -peerkey dhpubm.pem -out
> segreto1.bin

What are the parameters used for dhpubm.pem? The parameters used for
that and for dhkeyD.pem must be the same - but you have generated a
completely new set of parameters in the steps above.

Get hold of the parameters for dhpubm.pem and regenerate a fresh DH key
based on those params. You should then be able to derive.

Matt
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Problem with DH key derivation

Josh Shamir
Thank you very much Matt!

You solved my problem.

Best regards,

Josh

On Fri, Apr 28, 2017 at 11:04 AM, Matt Caswell <[hidden email]> wrote:


On 28/04/17 08:07, Josh Shamir wrote:
> Dear all,
>
> I am trying DH key derivation by using OpenSSL commands. However, I got
> the following problem:
>
> "140343063295640:error:0609B099:digital envelope
> routines:EVP_PKEY_derive_set_peer:different parameters:pmeth_fn.c:314:
> Public Key operation error
> 140343063295640:error:0507006C:Diffie-Hellman
> routines:PKEY_DH_DERIVE:keys not set:dh_pmeth.c:436:"

...

> $ openssl pkeyutl -derive -inkey dhkeyD.pem -peerkey dhpubm.pem -out
> segreto1.bin

What are the parameters used for dhpubm.pem? The parameters used for
that and for dhkeyD.pem must be the same - but you have generated a
completely new set of parameters in the steps above.

Get hold of the parameters for dhpubm.pem and regenerate a fresh DH key
based on those params. You should then be able to derive.

Matt
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users