In the JCE, these algorithms are represented by the KeyAgreement class (javax.crypto.KeyAgreement):

Testing the arithmetic library will be a little more difficult because the conditions that cause an overflow may not occur naturally. The representations used for Curve25519 and Curve448 must be developed with rigorous mathematical proofs that they do not overflow. These proofs contain boundary conditions for each underlying operation (add, multiply, carry, reduce) that can be incorporated into regression tests.

A new KeyAgreement object, which encapsulates the KeyAgreementSpi implementation from the specified provider, is returned. The specified provider must be registered in the security provider list.

RFC 7748 is only implemented in the SunEC provider. This JEP is not intended to implement this standard in other providers.

AlgorithmParameterSpec: A new class called NamedParameterSpec is used to specify the curve used (X25519 or X448). This class uses a single standard name to specify a set of parameters, and it is intended to be reused by other algorithms that use named parameters. For example, it could be used for named groups in (finite field) Diffie-Hellman. NamedParameterSpec is inserted into the class hierarchy above ECGenParameterSpec, so ECGenParameterSpec is also a NamedParameterSpec.
I have a Diffie-Hellman security class like this:

The X25519 and X448 functions are implemented as described in RFC 7748, and these functions are used to implement new KeyAgreement, KeyFactory and KeyPair services in the existing SunEC provider. The implementation will use the constant-time Montgomery ladder method described in RFC 7748 to prevent side-channel attacks. The implementation ensures contributory behavior by comparing the result to 0 as described in the RFC.

RFC 7748 defines a key agreement scheme that is more efficient and secure than the existing elliptic curve Diffie-Hellman (ECDH) scheme. The main goal of this JEP is an API and an implementation for this standard. Other implementation goals:

The implementation in SunEC does not support arbitrary domain parameters. The JCA API should allow arbitrary domain parameters to be specified through extension. Such an extension is not within the scope of this JEP.
Otherwise, despite its complexity, this example merely uses many of the techniques we have used throughout this book. Keys are generated, they are transmitted in a neutral (encoded) format, they are re-formed by their recipient, and both sides can continue.

Provide an engine for the implementation of a key agreement algorithm. This class allows two cooperating parties to generate the same secret key while preventing parties that have nothing to do with the agreement from generating the same key.

However, with the symmetric key we have introduced in this chapter, the problem is even more difficult to solve because both parties need access to the same key. The question then arises as to how this key can be safely transferred between the two parties so that only these parties have access to the key. Bob and Alice convert their secret keys into a DES key.

As an engine class, this class has no constructors, but it has the usual method for retrieving instances of the class:

The JCA API for RFC 7748 uses the name “XDH” to identify all services related to this mechanism (KeyAgreement, KeyPairGenerator, KeyPair, KeyFactory, etc.).
Algorithm names “X25519” and “X448” are also defined to mean XDH with Curve25519 and Curve448, respectively. This allows a convenient shorthand (e.g., KeyPairGenerator.getInstance("X448")) and also makes it easier to locate a provider that supports the desired curve. Names such as “X25519” and “X448” should not simply be aliases for “XDH”: the service returned for these names should be initialized with the correct curve, and it may reject any key that uses a different curve.
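
The following is an added example, not code from the original page or from the JDK project, showing the XDH services described above: keys are generated with NamedParameterSpec, exchanged in encoded form, re-formed with a KeyFactory, and a service requested as "X25519" is handed an X448 key. The class name XdhDemo and its helper methods are hypothetical; it assumes JDK 11 or later with the SunEC provider.

```java
import java.security.*;
import java.security.spec.NamedParameterSpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.KeyAgreement;

// Added illustration (hypothetical class and method names); needs JDK 11+ with SunEC.
public class XdhDemo {
    // Generate a key pair on a named curve through the generic "XDH" service.
    static KeyPair generate(NamedParameterSpec curve) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("XDH");
        kpg.initialize(curve);
        return kpg.generateKeyPair();
    }

    // Re-form a peer's public key from its X.509 encoding, as the recipient would.
    static PublicKey decode(byte[] encoded) throws GeneralSecurityException {
        return KeyFactory.getInstance("XDH").generatePublic(new X509EncodedKeySpec(encoded));
    }

    // One side of the agreement: own private key plus the peer's encoded public key.
    static byte[] agree(String alg, PrivateKey own, byte[] peerEncoded)
            throws GeneralSecurityException {
        KeyAgreement ka = KeyAgreement.getInstance(alg);
        ka.init(own);                  // InvalidKeyException if the key's curve does not fit alg
        ka.doPhase(decode(peerEncoded), true);
        return ka.generateSecret();    // raw shared secret; derive working keys from it with a KDF
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPair alice = generate(NamedParameterSpec.X25519);
        KeyPair bob = generate(NamedParameterSpec.X25519);
        // Only the encoded public keys cross the wire.
        byte[] a = agree("X25519", alice.getPrivate(), bob.getPublic().getEncoded());
        byte[] b = agree("X25519", bob.getPrivate(), alice.getPublic().getEncoded());
        System.out.println("secrets match: " + Arrays.equals(a, b));

        // A service requested as "X25519" is bound to that curve, so an X448 key should be refused.
        KeyPair other = generate(NamedParameterSpec.X448);
        try {
            agree("X25519", other.getPrivate(), other.getPublic().getEncoded());
            System.out.println("X448 key accepted by X25519 service");
        } catch (InvalidKeyException e) {
            System.out.println("X448 key rejected: " + e.getMessage());
        }
    }
}
```

Requesting the curve-specific name rather than "XDH" makes the curve check part of the service itself, so a peer key on an unexpected curve fails at init or doPhase instead of reaching application code.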