Developers Planet

sandeep_banisetti February 2016

Key derivation function for Shared secret generated by diffie hellman key exchange

How do i use the shared secret genrated by diffie hellman key exchange further, for key derivation function.

This is my code:

``````KeyPairGenerator keyGen = KeyPairGenerator.getInstance("ECDH", "BC");

ECGenParameterSpec ecsp;
ecsp = new ECGenParameterSpec("secp192r1");

keyGen.initialize(ecsp, new SecureRandom());
// Generate RSA Assymetric KeyPair
KeyPair alice_pair = keyGen.generateKeyPair();
// Extract Public Key
PublicKey alice_pub =  alice_pair.getPublic();
// Extract Private Key
PrivateKey alice_pvt = alice_pair.getPrivate();

KeyAgreement alice_agreement =    KeyAgreement.getInstance("ECDH","BC");
alice_agreement.init(alice_pair.getPrivate());
alice_agreement.doPhase(bob_pub, true);
byte[] alice_secret = alice_agreement.generateSecret();
SecretKeySpec alice_aes = new SecretKeySpec(alice_secret, "AES");

// Create KeyAgreement for Bob
KeyAgreement bob_agreement = KeyAgreement.getInstance("ECDH","BC");
bob_agreement.init(bob_pvt);
bob_agreement.doPhase(alice_pub, true);
``````

Can the shared secret can be ECC curve point?

vojta February 2016

The resulting shared secret is always a curve point. That is why you shouldn't work with the ECDH secret directly, because just a few secrets from the whole space of all secrets are curve points and some bits from the result are "weak" - predictable with the knowledge of the chosen elliptic curve.

You should do following steps to get a secret AES key:

1. Hash the result of ECDH with some secure hash algorithm (SHA256, SHA512).
2. Take the first 16 bytes of the hash
3. Create an AES key.

Note:

You are using Bouncy Castle crypto provider. According to its documentation and the source code, the shared secret result you get is the X affine coordinate of your desired EC point (an instance of `java.math.BigInteger`) encoded as a byte array.