The Java Developers Almanac 1.4


Order this book from Amazon.

   
Home > List of Packages > javax.crypto  [14 examples] > Key Agreement  [2 examples]

e471. Generating a Secret Key Using the Diffie-Hellman Key Agreement Algorithm

Two parties use a key agreement protocol to generate identical secret keys for encryption without ever having to transmit the secret key. The protocol works by both parties agreeing on a set of values (a prime, a base, and a private value) which are used to generate a key pair. e470 Generating a Parameter Set for the Diffie-Hellman Key Agreement Algorithm demonstrates how to generate the set of values.

This example uses the set of values and generates a key pair. The public key is then exchanged with the other party and the secret key is generated.

    // Retrieve the prime, base, and private value for generating the key pair.
    // If the values are encoded as in
    // e470 Generating a Parameter Set for the Diffie-Hellman Key Agreement Algorithm,
    // the following code will extract the values.
    String[] values = valuesInStr.split(",");
    BigInteger p = new BigInteger(values[0]);
    BigInteger g = new BigInteger(values[1]);
    int l = Integer.parseInt(values[2]);
    
    try {
        // Use the values to generate a key pair
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DH");
        DHParameterSpec dhSpec = new DHParameterSpec(p, g, l);
        keyGen.initialize(dhSpec);
        KeyPair keypair = keyGen.generateKeyPair();
    
        // Get the generated public and private keys
        PrivateKey privateKey = keypair.getPrivate();
        PublicKey publicKey = keypair.getPublic();
    
        // Send the public key bytes to the other party...
        byte[] publicKeyBytes = publicKey.getEncoded();
    
        // Retrieve the public key bytes of the other party
        publicKeyBytes = ...;
    
        // Convert the public key bytes into a PublicKey object
        X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(publicKeyBytes);
        KeyFactory keyFact = KeyFactory.getInstance("DH");
        publicKey = keyFact.generatePublic(x509KeySpec);
    
        // Prepare to generate the secret key with the private key and public key of the other party
        KeyAgreement ka = KeyAgreement.getInstance("DH");
        ka.init(privateKey);
        ka.doPhase(publicKey, true);
    
        // Specify the type of key to generate;
        // see e458 Listing All Available Symmetric Key Generators
        String algorithm = "DES";
    
        // Generate the secret key
        SecretKey secretKey = ka.generateSecret(algorithm);
    
        // Use the secret key to encrypt/decrypt data;
        // see e462 Encrypting a String with DES
    } catch (java.security.InvalidKeyException e) {
    } catch (java.security.spec.InvalidKeySpecException e) {
    } catch (java.security.InvalidAlgorithmParameterException e) {
    } catch (java.security.NoSuchAlgorithmException e) {
    }

 Related Examples
e470. Generating a Parameter Set for the Diffie-Hellman Key Agreement Algorithm

See also: Encrypting and Decrypting    MAC    Symmetric Keys   


© 2002 Addison-Wesley.