On Fri, Dec 28, 2012 at 3:37 PM, Hemayamini Kurra <hemayaminiku...@email.arizona.edu> wrote:
> Hello!!
>
> I am implementing DH algorithm using OpenSSL library.
> My scenario is -
> using DH key exchange algorithm for key generation and exchange between
> client and server. Using DSA for two way authentication.
> server:

Could be tricky to get right, especially when you need semantic authentication over the process.

> I have generated DH parameters using DH_generate_parameters()
> I have generated the public and private keys using DH_generate_key()

Don't forget to validate the key. If you don't validate a key, you cannot use it. For encryption, that means you don't apply your secret to an unvalidated key; and for signatures, you don't trust the outcome of the verification process.

GnuPG is a special case. They used Lim-Lee primes and they can't be validated without obtaining the unique factorization. I would recommend asking for a key composed of a strong or safe prime or refuse to process their data (but I've always been defensive/paranoid).

> I am using TCP socket programming in c to send the prime generator and
> ...
>
> I am getting "segmentation fault".

That sounds like a network programming problem. Have you been through W. Richard Stevens' "TCP/IP Illustrated" or "UNIX Network Programming"?

Jeff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
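
Added example (not part of the original message and not OpenSSL code): the "validate before you apply your secret" rule from the reply above, for a safe prime p = 2q + 1. The function names and the toy parameters p = 23, q = 11, g = 2 are constructed for illustration; real code works on BIGNUMs, where OpenSSL offers DH_check_pub_key() for the public value.

```c
#include <stdint.h>
#include <stdio.h>

/* (a * b) mod m without overflow, valid for m < 2^63. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    uint64_t r = 0;
    for (a %= m; b; b >>= 1) {
        if (b & 1) r = (r + a) % m;
        a = (a << 1) % m;
    }
    return r;
}

/* b^e mod m by square-and-multiply. */
static uint64_t powmod(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1 % m;
    for (b %= m; e; e >>= 1) {
        if (e & 1) r = mulmod(r, b, m);
        b = mulmod(b, b, m);
    }
    return r;
}

enum { PUB_OK = 0, PUB_OUT_OF_RANGE = 1, PUB_WRONG_SUBGROUP = 2 };

/* Validate a peer's public value y for a safe prime p = 2q + 1. */
int dh_validate_pub(uint64_t y, uint64_t p, uint64_t q) {
    /* Rejects 0, 1, p-1 and unreduced values (y >= p). */
    if (y < 2 || y > p - 2) return PUB_OUT_OF_RANGE;
    /* y must lie in the order-q subgroup: y^q mod p == 1. */
    if (powmod(y, q, p) != 1) return PUB_WRONG_SUBGROUP;
    return PUB_OK;
}

/* The private exponent touches peer_pub only after validation.
 * Returns 1 and sets *secret on success, 0 if the key is rejected. */
int dh_derive(uint64_t peer_pub, uint64_t priv, uint64_t p, uint64_t q,
              uint64_t *secret) {
    if (dh_validate_pub(peer_pub, p, q) != PUB_OK) return 0;
    *secret = powmod(peer_pub, priv, p);
    return 1;
}

int main(void) {
    const uint64_t p = 23, q = 11;                 /* constructed toy group */
    const uint64_t peers[] = {6, 0, 1, 22, 5, 25}; /* constructed inputs */
    for (size_t i = 0; i < sizeof peers / sizeof peers[0]; i++)
        printf("y=%2llu -> code %d\n", (unsigned long long)peers[i],
               dh_validate_pub(peers[i], p, q));
    return 0;
}
```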