> I will also apply the same change to P11DHPrivateKey/P11DHPublicKey then.
> Equality check using ASN.1 encoding is fine for non-DH algorithms but not for
> DH.

I cannot read the source code now, but is it possible to implement the equals method right in the base interface using the JDK 8 default method feature?

>> For DHKeyPairGenerator.java, it looks like you don't want the first octet
>> being zero. Is this related to this bug? Is that required in the "Handbook
>> of Applied Cryptography" book? I understand it could be necessary for
>> interop.
> The change is for conforming to the description under section 7.1
> "Private-value generation" of PKCS#3 DH Key Agreement Standard
> ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-3.asc , i.e.
>
>    An integer x, the private value, shall be generated
>    privately and randomly. This integer shall satisfy 0 < x <
>    p-1, unless the central authority specifies a private-value
>    length l, in which case the integer shall satisfy 2^(l-1) <=
>    x < 2^l.

Great. I think you can add a reference to pkcs3. The current wording seems to say it's suggested by the Handbook.

Thanks
Max
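
The private-value range from PKCS#3 section 7.1 quoted in this message, as an added example that is not part of the thread or of the JDK sources. The class `Pkcs3PrivateValue`, its methods, the guard on `l` and the sample modulus are assumptions made for the illustration.

```java
import java.math.BigInteger;
import java.security.SecureRandom;

// Added illustration; class and method names are hypothetical, not JDK code.
public class Pkcs3PrivateValue {

    // l == 0 means the central authority specified no private-value length.
    static BigInteger generate(BigInteger p, int l, SecureRandom rnd) {
        if (l < 0 || l >= p.bitLength()) {
            // Guard chosen for this example so that x < p always holds.
            throw new IllegalArgumentException("l must be 0 or below bitLength(p)");
        }
        if (l > 0) {
            // l uniform random bits, then force bit l-1: 2^(l-1) <= x < 2^l.
            return new BigInteger(l, rnd).setBit(l - 1);
        }
        // No l given: rejection-sample until 0 < x < p-1.
        BigInteger pMinusOne = p.subtract(BigInteger.ONE);
        BigInteger x;
        do {
            x = new BigInteger(p.bitLength(), rnd);
        } while (x.signum() == 0 || x.compareTo(pMinusOne) >= 0);
        return x;
    }

    // Range check that a unit test could apply to a generated private value.
    static boolean conforms(BigInteger x, BigInteger p, int l) {
        if (l > 0) {
            return x.bitLength() == l; // equivalent to 2^(l-1) <= x < 2^l
        }
        return x.signum() > 0 && x.compareTo(p.subtract(BigInteger.ONE)) < 0;
    }

    public static void main(String[] args) {
        SecureRandom rnd = new SecureRandom();
        // Constructed sample modulus for the demo only, not a vetted DH group.
        BigInteger p = BigInteger.probablePrime(512, rnd);
        for (int l : new int[] {0, 160, 256}) {
            BigInteger x = generate(p, l, rnd);
            if (!conforms(x, p, l)) {
                throw new AssertionError("private value out of range for l=" + l);
            }
            System.out.println("l=" + l + " bitLength(x)=" + x.bitLength());
        }
    }
}
```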