使用RSA密钥的Diffie Hellman密钥协议? [英] Diffie Hellman key agreement using RSA keys?
问题描述
我想让2个当事方使用其公钥和私钥就同一秘密密钥达成一致。我不希望他们有任何互动。所以我在想 method(A.privKey,B.pubKey)给出与 method(B.privKey,A.pubKey)
我想知道当您使用 KeyPairGenerator.getInstance( RSA )
如果是这样,我该怎么做?还是我需要使用 KeyPairGenerator.getInstance( DH)?
我已经在线搜索了,但似乎找不到答案。
Diffie-Hellman和RSA背后的数学差异足够大,因此RSA密钥不能用于DH。
Diffie-Hellman
DH是一个密钥交换,给定两个密钥对,它将产生一个共享密钥。它不会直接加密数据。 (但是通过将DH与对称加密相结合来构建加密很容易。)
双方都同意一个组,在最简单的情况下,由 g定义和 p ,其中 p 是安全素数。
私钥只是数字 a ,相应的公钥 A 是 g ^ a mod p 。由于指数运算是可交换的,因此需要计算一个共享密钥,因此
A ^ b =(g ^ a)^ b = g ^(ab) =(g ^ b)^ a = B ^ a
要使此键对工作,两个密钥对都需要使用同一组。实现此目的最简单的方法是选择一个特定的组并将其硬编码到您的协议/应用程序中。
RSA
RSA用公用密钥加密消息 m ,生成密文 c 。因此,它仅使用一个密钥对,即接收者的密钥对。
私钥是固定的指数 e (通常为65537)和一对素数 p 和 q 。
相应的公钥为 e ,质数的乘积 n = p * q
通过计算 c = m ^ e mod n 进行加密,只有知道<$时才能被认可。 c $ c> p 和 q ,但是如果您只知道 n ,则不会。
比较
您可以使用RSA生成共享密钥,方法是生成一个随机密钥作为发送者,并使用接收者的公钥。这用于加密发送给收件人的邮件而无需交互。但是,由于发送者可以控制共享密钥,因此它不对发送者进行身份验证。因此,如果您不能使用RSA来实现非交互式可拒绝身份验证。但是您可以使用RSA签名邮件(但不要使用相同的密钥对进行签名和加密),从而为您提供不可否认的身份验证。
I want to have 2 parties agree on the same secret key using their public and private keys. I do not want them to have any interaction. So I'm thinking method(A.privKey, B.pubKey) gives the same number as method(B.privKey, A.pubKey)
I was wondering if the Diffie-Hellman key agreement algorithm works in Java when you use KeyPairGenerator.getInstance("RSA")
If so, how can I do this? Or do I need to use the KeyPairGenerator.getInstance("DH")?
I have searched online and can't seem to find the answer.
The mathematics behind Diffie-Hellman and RSA are different enough so that an RSA key can't work for DH.
Diffie-Hellman
DH is a key-exchange, it produces a shared key given two key-pairs. It doesn't encrypt data directly. (But it's easy to build encryption by combining DH with symmetric encryption).
Both sides agree on a group, in the simplest case defined by g and p where p is a safe prime.
A private key is simply a number a, the corresponding public key A is g^a mod p. A shared key an be computed since exponentiation is commutative, so
A^b = (g^a)^b = g^(ab) = (g^b)^a = B^a
For this to work both keypairs need to use the same group. The easiest way to achieve this is picking one particular group and hardcoding it into your protocol / application.
RSA
RSA encrypts a message m with the public key, producing a ciphertext c. So it only uses one key-pair, the key-pair of the recipient.
The private key is a fixed exponent e (typically 65537) and a pair of primes p and q.
The corresponding public key is e and the product of the primes n = p * q.
Encryption happens by computing c = m^e mod n which can be revered only if you know p and q but not if you only know n.
Comparison
You can produce a shared key using RSA by generating a random key as sender and encrypting it using the recipient's public key. This works for encrypting a message to the recipient without interaction. But it does not authenticate the sender since they can control the shared key. So if you can't use RSA to achieve non interactive deniable authentication. But you can sign the message with RSA (but don't use the same keypair for signing and encryption), giving you non repudiable authentication.
这篇关于使用RSA密钥的Diffie Hellman密钥协议?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
