I would suggest that you examine RFC 2631 (section 2.1.1) or Secure
Programming Cookbook by Viega & Messier (Section 8.17) for information
on this topic.

 

Typically with DH, two parties (A and B) wish to compute a shared
secret.  Each computes a private & public key pair, exchanges public keys,
and then uses its private key with the other's public key to compute a
shared secret.

 

So, if xa and xb are the private keys of A and B, and ya and yb are the
public keys of A and B, then

 

SS = (yb ^ xa) mod p = (ya ^ xb) mod p

 

Usually the value SS is combined with other information as input to a
Key Derivation Function to generate as many bits as are required for the
application.

 

Another reference is NIST Special Publication 800-56A (chapter 6)
http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf

 

Bill
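
The exchange and key-derivation step described in the reply above, as an added Python example that is not part of the original message or of OpenSSL: both sides compute SS with a full-size p, then a hash-based KDF in the counter || Z || OtherInfo style of SP 800-56A reduces it to the 16 bytes asked about. The RFC 2409 Group 2 prime, SHA-256, the function names and the OtherInfo string are assumptions chosen for the example.

```python
import hashlib
import secrets

# 1024-bit MODP prime from RFC 2409 (Oakley Group 2), generator 2.
# Assumption: picked to keep the listing short; it is not a parameter from the thread.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)
G = 2
Q = (P - 1) // 2  # P is a safe prime, so G generates the subgroup of order Q


def keypair():
    """Return (x, y): private x in [2, Q-1] and public y = G^x mod P."""
    x = secrets.randbelow(Q - 2) + 2
    return x, pow(G, x, P)


def shared_secret(x_own, y_peer):
    """SS = y_peer^x_own mod P, encoded as fixed-length bytes (length of P)."""
    # Reject out-of-range keys and keys outside the order-Q subgroup.
    if not 2 <= y_peer <= P - 2 or pow(y_peer, Q, P) != 1:
        raise ValueError("invalid peer public key")
    ss = pow(y_peer, x_own, P)
    return ss.to_bytes((P.bit_length() + 7) // 8, "big")


def concat_kdf(z, length, other_info=b""):
    """Derive `length` bytes from SHA-256(counter || Z || OtherInfo) blocks."""
    out = b""
    counter = 1  # 32-bit big-endian counter, starting at 1
    while len(out) < length:
        out += hashlib.sha256(counter.to_bytes(4, "big") + z + other_info).digest()
        counter += 1
    return out[:length]


def demo():
    """Run both sides of the exchange and return the two derived 16-byte keys."""
    xa, ya = keypair()
    xb, yb = keypair()
    info = b"constructed-context: A|B|AES-128"  # constructed OtherInfo, simplified
    key_a = concat_kdf(shared_secret(xa, yb), 16, info)
    key_b = concat_kdf(shared_secret(xb, ya), 16, info)
    return key_a, key_b
```

The size of p sets the strength of the exchange, and the KDF output length sets the size of the key, so the two are chosen independently.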

 

________________________________

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Agustin Cozzetti
Sent: December 15, 2007 12:15 PM
To: openssl-users@openssl.org
Subject: RE: Doubt about the use and initialization of DH struct

 

Thank you for your reply!!!
I have another question about this topic. I need to generate a shared
secret with a size of 16 bytes, using the DH_compute_key() function. How can I
manage that size???? Should I use a 16 byte dh->p????

Thank you for your help,

Hector Agustin Cozzetti


 
