Need help with Diffie-Hellman key-exchange protocol

How can I show that the Diffie-Hellman key-exchange protocol is vulnerable to a man-in-the-middle attack, and devise a protocol using digital signatures which overcomes this vulnerability?
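
The weakness and the signature-based countermeasure asked about above, as an added Java example that is not part of the original post: plain DH accepts whatever public value arrives, so a relay that substitutes its own value ends up sharing a key with each side, while signing both exchanged values with a long-term key makes the substitution fail verification. Assumptions: the class `SignedDhDemo` and the parties Alice, Bob and relay are illustrative, and each side is assumed to already hold the other's authentic RSA verification key (for example from a certificate).

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Arrays;
import javax.crypto.KeyAgreement;

// Added illustration; class, method and party names are hypothetical.
public class SignedDhDemo {

    static KeyPairGenerator generator(String algorithm) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(algorithm);
        kpg.initialize(2048);
        return kpg;
    }

    // Plain DH: combine our private value with whatever public value arrived.
    static byte[] agree(PrivateKey mine, PublicKey received) throws GeneralSecurityException {
        KeyAgreement ka = KeyAgreement.getInstance("DH");
        ka.init(mine);
        ka.doPhase(received, true);
        return ka.generateSecret();
    }

    // Sign "my DH value || the DH value I received" with a long-term identity key.
    static byte[] sign(PrivateKey identity, PublicKey myDh, PublicKey receivedDh)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(identity);
        s.update(myDh.getEncoded());
        s.update(receivedDh.getEncoded());
        return s.sign();
    }

    // Check the peer's signature against the DH value we received and the one we sent.
    static boolean verify(PublicKey peerIdentity, PublicKey receivedDh, PublicKey myDh, byte[] sig)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(peerIdentity);
        s.update(receivedDh.getEncoded());
        s.update(myDh.getEncoded());
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator dh = generator("DH");   // one generator, so all parties share p and g
        KeyPair alice = dh.generateKeyPair();
        KeyPair bob = dh.generateKeyPair();
        KeyPair relay = dh.generateKeyPair();    // party sitting in the middle of the channel

        // 1. Unauthenticated DH: the relay replaces each public value with its own,
        //    and neither endpoint has anything to check the received value against.
        byte[] aliceKey = agree(alice.getPrivate(), relay.getPublic());
        byte[] bobKey = agree(bob.getPrivate(), relay.getPublic());
        System.out.println("Alice and Bob hold the same key: " + Arrays.equals(aliceKey, bobKey));
        System.out.println("Relay can compute Alice's key:   "
                + Arrays.equals(aliceKey, agree(relay.getPrivate(), alice.getPublic())));
        System.out.println("Relay can compute Bob's key:     "
                + Arrays.equals(bobKey, agree(relay.getPrivate(), bob.getPublic())));

        // 2. Signed DH. Assumption: the RSA verification keys were distributed
        //    authentically beforehand; the relay does not hold the private halves.
        KeyPairGenerator rsa = generator("RSA");
        KeyPair aliceId = rsa.generateKeyPair();
        KeyPair bobId = rsa.generateKeyPair();

        // Honest run: each side signs (own value, received value) and the peer verifies.
        byte[] bobSig = sign(bobId.getPrivate(), bob.getPublic(), alice.getPublic());
        byte[] aliceSig = sign(aliceId.getPrivate(), alice.getPublic(), bob.getPublic());
        System.out.println("Honest run, Alice accepts Bob:   "
                + verify(bobId.getPublic(), bob.getPublic(), alice.getPublic(), bobSig));
        System.out.println("Honest run, Bob accepts Alice:   "
                + verify(aliceId.getPublic(), alice.getPublic(), bob.getPublic(), aliceSig));

        // Substituted run: Bob saw the relay's value, so his signature covers
        // (bob, relay). Alice received the relay's value and checks (relay, alice).
        byte[] relayedSig = sign(bobId.getPrivate(), bob.getPublic(), relay.getPublic());
        System.out.println("Substituted run, Alice accepts:  "
                + verify(bobId.getPublic(), relay.getPublic(), alice.getPublic(), relayedSig));
    }
}
```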

Similar Messages

  • Question on determining key strength (Diffie-Hellman Key Exchange)

    Greetings everyone!
    I'm working on my thesis which implements the use of the Diffie-Hellman key exchange. One problem that I encountered was how to assess and evaluate its strength given N-size of the public keys used. Does anyone know what is the recommended key size to achieve security with the Diffie-Hellman key exchange? And in what way was it determined?
    Sincerely,
    Paolo Ferrer

    Well, Diffie-Hellman is a key exchange protocol, not a cypher. If you mean RSA, then the recommended minimum is 2048 bits. This is determined by estimating the amount of time it would take to break a shorter key by brute force. 256 bits can be broken on a PC in hours. 512 can be broken on several hundred PCs over a couple of days (this is all very rough stuff). 1024 could theoretically be broken by a computer that might be built in the next decade or so in under a decade so - or something like that. So, 2048 is the rule of thumb - but it depends what you need it for. To send a secure message to your grandmother, it's unlikely the whole world will pool their resources to learn the text of your message in 10 years.
    If, on the other hand, this is an email to your Justice department's Whitehouse liaison, you might want 4096 bits.
    Look up "Diffie Hellman Key Exchange" and RSA on wikipedia.org for some good references.

  • Diffie-Hellman Key Exchange Problem

    I am working on a program that will allow encrypted communication between two parties, and I am using the Diffie-Hellman key exchange to compute their secret keys. Whenever I use this algorithm the key exchange goes fine, but when I try to use KeyAgreement.doPhase() to perform the final phase I get an "InvalidKeyException: Incompatible Parameters". Can anyone tell me what is going on? Any help is greatly appreciated:
    //Server
    static void DHDoKeyExchange() {
        try {
            PublicKey theirPublicKey = null;
            System.out.println("Exchanging Keys...");
            System.out.println("\t-Generating KeyPair.");
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
            kpg.initialize(dhparameters);
            KeyPair keyPair = kpg.genKeyPair();
            System.out.println("\t-Exchanging.");
            // Server reads the client's public key first, then sends its own
            theirPublicKey = (PublicKey)ois.readObject();
            oos.writeObject(keyPair.getPublic());
            KeyAgreement ka = KeyAgreement.getInstance("DH");
            ka.init(keyPair.getPrivate());
            ka.doPhase(theirPublicKey, true);
            secret = ka.generateSecret();
            System.out.println("\t-Done!\n");
        } catch(Exception e) {
            e.printStackTrace();
        }
    }
    //Client
    static void DHDoKeyExchange() {
        try {
            PublicKey theirPublicKey = null;
            System.out.println("Exchanging Keys...");
            System.out.println("\t-Generating KeyPair.");
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
            kpg.initialize(dhparameters);
            KeyPair keyPair = kpg.genKeyPair();
            System.out.println("\t-Exchanging.");
            // Client sends its public key first, then reads the server's
            oos.writeObject(keyPair.getPublic());
            theirPublicKey = (PublicKey)ois.readObject();
            KeyAgreement ka = KeyAgreement.getInstance("DH");
            ka.init(keyPair.getPrivate());
            ka.doPhase(theirPublicKey, true);
            secret = ka.generateSecret();
            System.out.println("\t-Done!\n");
        } catch(Exception e) {
            e.printStackTrace();
        }
    }

    Given that the error is "Invalid Parameters", you might want to show us how "dhparameters" is being set up on both sides...
    Grant
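
One way the exception discussed in this thread can arise, as an added Java example (not the poster's code, whose `dhparameters` setup is not shown): the two key pairs are built on different group parameters, and `doPhase()` rejects the peer's key; generating the second key pair from the parameters carried in the received public key makes the agreement succeed. The class `DhParamsDemo`, its method names and the mismatched generator are constructed for illustration, and the public key is passed as its `getEncoded()` bytes rather than through Java object serialization.

```java
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.KeyAgreement;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;

// Added illustration; class and method names are hypothetical.
public class DhParamsDemo {

    static KeyPair generate(DHParameterSpec params) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
        kpg.initialize(params);
        return kpg.generateKeyPair();
    }

    // Rebuild a peer's public key from its X.509 encoding (what getEncoded() returns),
    // which avoids calling ObjectInputStream.readObject() on data from the network.
    static DHPublicKey decode(byte[] wire) throws GeneralSecurityException {
        return (DHPublicKey) KeyFactory.getInstance("DH")
                .generatePublic(new X509EncodedKeySpec(wire));
    }

    static byte[] agree(PrivateKey mine, PublicKey theirs) throws GeneralSecurityException {
        KeyAgreement ka = KeyAgreement.getInstance("DH");
        ka.init(mine);
        ka.doPhase(theirs, true);   // throws InvalidKeyException if p or g differ
        return ka.generateSecret();
    }

    public static void main(String[] args) throws Exception {
        // Client side: pick a 2048-bit group and send the encoded public key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
        kpg.initialize(2048);
        KeyPair client = kpg.generateKeyPair();
        byte[] clientWire = client.getPublic().getEncoded();

        // Server side: decode what arrived and read the group it was generated on.
        DHPublicKey clientPub = decode(clientWire);
        DHParameterSpec clientParams = clientPub.getParams();

        // Constructed mismatch: a server key on the same prime but another generator.
        DHParameterSpec mismatched = new DHParameterSpec(
                clientParams.getP(), clientParams.getG().add(BigInteger.ONE));
        try {
            agree(generate(mismatched).getPrivate(), clientPub);
            System.out.println("agreement unexpectedly succeeded");
        } catch (InvalidKeyException e) {
            System.out.println("mismatched group rejected: " + e.getMessage());
        }

        // Matching setup: the server generates its key pair from the received parameters.
        // A deployed server would first compare them with the group it expects to use.
        KeyPair server = generate(clientParams);
        byte[] serverSecret = agree(server.getPrivate(), clientPub);
        byte[] clientSecret = agree(client.getPrivate(), decode(server.getPublic().getEncoded()));
        System.out.println("secrets match: " + Arrays.equals(serverSecret, clientSecret));
    }
}
```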

  • About Diffie-Hellman Key Exchange Algorithm

    Hi... experts. I've got a problem about Diffie-Hellman Key Exchange. Is that possible to actually exchange a secret session key via Diffie-Hellman Key Exchange? or the secret session key (g^xy) is actually generated after the exchange of g^x and g^y by the two parties? My project supervisor made me confused with it, he is sure that the first case can be done. Please give me some ideas... Thanks a lot!!!
    Regards,
    Yating

    ejp, thanks for the reply!
    "What is exchanged is the means by which it can be independently and identically calculated by both parties."
    That's exactly what I learned from the Diffie-Hellman algorithm, but he kept saying that he wanted me to distribute a shared secret via the key exchange. I really have no idea about what he is talking about. Do you have any ideas?
    Regards,
    Yating

  • I need help with a migration from Exchange 2010 to 2007

    Hi All,
    I need help migrating mailboxes from a separate forest / domain using exchange 2010 to our Exchange 2007 SP3 servers..  I am following this procedure:
    1. On source server, create a mailbox user, test01.
    2. On target server, run the following command to move the AD account:
    Prepare-MoveRequest.Ps1 -Identity [email protected] -RemoteForestDomainController FQDN.source.com -RemoteForestCredential $Remote -LocalForestDomainController FQDN.target.com -LocalForestCredential $Local -UseLocalObject -Verbose"
    3. Run the ADMT to migrate the password and SID history.
    4. Run the following command to move the mailbox:
    New-MoveRequest -Identity '[email protected]' -RemoteLegacy -RemoteTargetDatabase DB03 -RemoteGlobalCatalog 'GC01.humongousinsurance.com' -RemoteCredential $Cred -TargetDeliveryDomain 'mail.contoso.com'
    (Changed all the details obviously)
    It gets to 95% and shows this error
    01/12/2014 12:47:24 [EX2K10] Fatal error UpdateMovedMailboxPermanentException has occurred.
    Error details: An error occurred while updating a user object after the move operation. --> Active Directory operation failed on DC.DC.COM . This error is not retriable. Additional information: The parameter is incorrect.
    Active directory response: 00000057: LdapErr: DSID-0C090A85, comment: Error in attribute conversion operation, data 0, vece --> The requested attribute does not exist.
       at Microsoft.Exchange.MailboxReplicationService.LocalMailbox.Microsoft.Exchange.MailboxReplicationService.IMailbox.UpdateMovedMailbox(UpdateMovedMailboxOperation op, ADUser remoteRecipientData, String domainController, ReportEntry[]& entries,
    Guid newDatabaseGuid, Guid newArchiveDatabaseGuid, String archiveDomain, ArchiveStatusFlags archiveStatus)
       at Microsoft.Exchange.MailboxReplicationService.MailboxWrapper.<>c__DisplayClass3c.<Microsoft.Exchange.MailboxReplicationService.IMailbox.UpdateMovedMailbox>b__3b()
       at Microsoft.Exchange.MailboxReplicationService.ExecutionContext.Execute(GenericCallDelegate operation)
       at Microsoft.Exchange.MailboxReplicationService.MailboxWrapper.Microsoft.Exchange.MailboxReplicationService.IMailbox.UpdateMovedMailbox(UpdateMovedMailboxOperation op, ADUser remoteRecipientData, String domainController, ReportEntry[]& entries,
    Guid newDatabaseGuid, Guid newArchiveDatabaseGuid, String archiveDomain, ArchiveStatusFlags archiveStatus)
       at Microsoft.Exchange.MailboxReplicationService.RemoteMoveJob.UpdateMovedMailbox()
       at Microsoft.Exchange.MailboxReplicationService.MoveBaseJob.UpdateAD(Object[] wiParams)
       at Microsoft.Exchange.MailboxReplicationService.CommonUtils.CatchKnownExceptions(GenericCallDelegate del, FailureDelegate failureDelegate)
    Error context: --------
    Operation: IMailbox.UpdateMovedMailbox
    OperationSide: Target
    Primary (b5373e49-6a06-41f4-990e-27807c7a57f3)
    01/12/2014 12:47:24 [EX2K10] Relinquishing job.
    Any ideas what I can do about this?

    Hi,
    From your description, I recommend you follow the steps below for troubleshooting:
    Open the problematic user in AD and check the Email Address. Verify if you can open or edit the x400 address. If no, remove the x400 address and recreate it. If yes, ensure that the name is spelt correctly. After that, continue to move the mailbox and check the result.
    Hope this can be helpful to you.
    Best regards,
    Amy Wang
    TechNet Community Support

  • Need help with adding a Key flex field to a seeded OAF page

    We have a seeded OAF page on which we already have Account Key Flex Field.
    Properties of this flex field are:
    The ApplShortName - SQLGL
    Name - GL#
    Type - Key
    As per the client requirement, in the KFF screen, we have disabled the seeded structure for Accounting Flexfield and created a custom structure.
    Our custom structure for the KFF is displayed correctly on the OAF page.
    But now the requirement is to add a new KFF on the OAF page which is duplicate of the existing KFF, along with the existing KFF field; the structure and segments are same. Only difference being the display name of the existing KFF field is Account; the new one needs to be Tax structure.
    Using personalization we added a new flex item and added the properties same as the existing KFF.
    ApplShortName - SQLGL
    Name - GL#
    Type - Key
    But the page is giving following error:
    The data that defines the flexfield on this field may be inconsistent. Inform your system administrator that the function: KeyFlexfieldDefinitionFactory.getStructureNumber could not find the structure definition for the flexfield specified by Application = SQLGL, Code = GL# and Structure number =
    We tried options like compiling the flexfield definition, but the error persists.
    Any help in this regard is highly appreciated.
    Regards,
    Kiranmayi.

    Hi,
    Please check whether your key flex structure is frozen or not. If not, please freeze it, recompile and try.
    This may help too
    error while developing KFF in oaf
    Thanks
    Bharat
    Edited by: Bharat on May 10, 2013 4:51 AM

  • Need help with locating a key using a value in a HashMap.

    I am quite new to Java and programming, and am just learning this in High School (enjoying it thoroughly). Sorry if I don't respect the etiquette or formatting of this board (it's unintentional).
    I am using the book, Objects First With Java A Practical Introduction Using Blue J and am working on extensively improving the "World of Zuul" project, which is a text-based adventure game.
    Here is a code sample;
    public String getNameFromList(String name)
    {
      boolean found = false;
      Set pairSet = xItemList.entrySet();
      for(Iterator iter = pairSet.iterator(); (found == false && iter.hasNext());){
        Item currentItem = (Item) iter.next().getValue();
        String currentKey = currentItem.getName();
        if(name.equals(currentKey)){
          String changedName = iter.next().getKey();
          return changedName;
        }
      }
    }
    error; cannot resolve symbol:
    method: getValue()
    xItemList is a HashMap with String keys, and Item values.
    The relevant field of Item is name, which is a string.
    The currentKey local variable is a little misleading, it is the current name, but acts as the 'key' when looking for the actual key.
    changedName (if the parameter name is found from the item.getNames()), is what the method returns, the key associated with a object (by looking at the object's field).
    My objective for this method is for it to have a name as a parameter, which it searches for in the HashMap (by Iteration over the entrySet - or I suppose iteration over Set values(), but this loses which object value is tied to which key, doesn't it?), and returns the respective key.
    Any help would be very much appreciated (even if it is telling me that this can't be done with HashMaps!).

    It's not clear to me what your question is, or if indeed you even have a question.
    You seem to be having a problem with types. Iterators return Objects.
    So in this line:
      Item currentItem = (Item) iter.next().getValue();
    The iterator's next() method is returning an Object, and you're trying to call getValue() on that Object. But Object doesn't have a getValue() method. That would explain your error message. Map.Entry does; you apparently meant to call Map.Entry's getValue() method. You would cast the result of iter.next() to Map.Entry before you call getValue().
    Also you're calling next() on your iterator twice in the body of the loop, which means you're getting two different values... this is probably not what you intend.
    But you're making this more complicated than it needs to be anyway.
    Why are you iterating through the set of entries in the HashMap?
    The whole point of a Map is that you get an item using an object as the key. Just do xItemList.get(name). Right?

  • Need help with server for Microsoft Exchange

    Okay. My college uses Microsoft Outlook and I wanted to be able to check it from my phone.
    So I am trying to use microsoft exchange.
    but I don't know what to put in the server part.
    I don't get step three
    3.Your iPhone (or iPod touch) will now try to locate your Exchange server using Microsoft's Autodiscovery service. If the server cannot be located, the screen below is shown. Enter your front-end Exchange server's complete address in the Server field. Contact your Exchange server administrator if you are unsure of the address.
    any help or being pushed in the right direction would be greatly appreciated!!

    Your college IT people would have to have "enabled" iPhone connections to their Exchange servers, it's quite possible they have not done that. In either case, contact your college IT people to determine if they even allow this and, if they do, the Exchange server info you need to enter. They are the key.

  • Need Help with diff

    Hi!
    Many moons ago, I was using diff to just show the differences between file1 and file2. That is, I would end up with output that only showed the changed lines in two columns, and for the life of me, I can't figure out how I did it.
    Here's what I'm trying to do. I'm taking File1, copying it, and making corrections. The corrected one will be File2. What I'd like to show are the changed lines, but only changed text - not changed white space, tabs, etc. - ideally in two-column, side-by-side format. But diff seems intent on showing me every line, changed, or not. The output I'm getting is not very helpful. Maybe one of you experts can help me put the right flags up? TIA!

    Hi Sudont,
       It's almost too much to believe that your diff behaves so differently from ours. I hope that it doesn't turn out to be an attempt at ironic humor on the part of the authors of diff. I use diff in scripts that depend on the behavior you rightfully expect. I agree with others that differing line endings sounds like a possible culprit.
       There are other ways of "instructing" diff to list only lines that differ. If you feel like really hitting it over the head with a sledge hammer you could use:
    diff --old-group-format='%<'' <file_1>.txt <file_2>.txt
    This can of course be combined into:
    diff --changed-group-format='%<%>' --unchanged-group-format='' <file_1>.txt <file_2>.txt
    However, I mentioned the first syntax because you can omit the file format of either the old or new group and get just the output of the other group.
       I was even more convinced that line endings were an issue when you mentioned making the file readable to Windoze users. I just figured out what I think is a cool new way of changing line endings. It may be using a cannon to kill a flea but it works reliably. The idea is to let vim change the line endings for you. Here's a command that should change the line endings of the file to dos:
    vim -c "set ff=dos" -c w -c q <file_1>.txt
    and the following command will change it back:
    vim -c "set ff=unix" -c w -c q <file_1>.txt
    That command actually opens the file with vim briefly before closing it after very quick work. When it opens, vim scrolls the scrollback up one whole window, which makes it look like your history commands disappear. Fear not. They are but a little further away.
    Gary
    ~~~~
       Felix Catus is your taxonomic nomenclature,
       An endothermic quadruped, carnivorous by nature.
       Your visual, olfactory, and auditory senses
       Contribute to your hunting skills and natural defenses.
       I find myself intrigued by your sub-vocal oscillations,
       A singular development of cat communications
       That obviates your basic hedonistic predilection
       For a rhythmic stroking of your fur to demonstrate affection.
       A tail is quite essential for your acrobatic talents:
       You would not be so agile if you lacked its counterbalance;
       And when not being utilized to aid in locomotion,
       It often serves to illustrate the state of your emotion.
       Oh Spot, the complex levels of behavior you display
       Connote a fairly well-developed cognitive array.
       And though you are not sentient, Spot, and do not comprehend,
       I nonetheless consider you a true and valued friend.
          -- Lt. Cmdr. Data, "An Ode to Spot"

  • Diffie Hellman Key Agreement

    Hi All,
    Can someone help me with an example to encrypt a string using the Diffie-Hellman key agreement protocol?
    Thanks & Regards
    Murali

    There are plenty of samples provided with the Javadoc.

  • [SOLVED] VIM - need help with keymapping

    As the header says, I need help with creating a key mapping in my vimrc. What I would like is a
    mapping to <F8> that would toggle between " :set paste and :set nopaste. " Any and all help
    would be appreciated
    Last edited by orphius1970 (2010-03-02 07:50:22)

    YES!!!!  Thank you! Exactly what I was hoping for. I am new to vim so all these config options
    are a little intimidating for now. Thank you again!!!!

  • Diffie Hellman Key Exchange over Network

    Hi. I was reading through many examples on how to generate Diffie Hellman keys, but they mainly occur within a single class or computer and not over a network as Diffie Hellman was created for. I was wondering if there is any available source code that allows you to perform Diffie Hellman key exchange over the network?

    See javax.crypto.KeyAgreement

  • I need help with Creating Key Pairs

    Hello,
    I need help with Creating Key Pairs. I generate key pairs with the aba provider, but the keys generated are not base 64.
    the class is :
    import java.io.*;
    import java.math.BigInteger;
    import java.security.*;
    import java.security.spec.*;
    import java.security.interfaces.*;
    import javax.crypto.*;
    import javax.crypto.spec.*;
    import au.net.aba.crypto.provider.ABAProvider;
    class CreateKeyPairs {
        private static KeyPair keyPair;
        private static KeyPairGenerator pairGenerator;
        private static PrivateKey privateKey;
        private static PublicKey publicKey;
        public static void main(String[] args) throws Exception {
            if (args.length != 2) {
                System.out.println("Usage: java CreateKeyParis public_key_file_name privete_key_file_name");
                return;
            }
            createKeys();
            saveKey(args[0],publicKey);
            saveKey(args[1],privateKey);
        }
        private static void createKeys() throws Exception {
            Security.addProvider(new ABAProvider());
            pairGenerator = KeyPairGenerator.getInstance("RSA","ABA");
            pairGenerator.initialize(1024, new SecureRandom());
            keyPair = pairGenerator.generateKeyPair();
            privateKey = keyPair.getPrivate();
            publicKey = keyPair.getPublic();
        }
        // Writes the key as a serialized Java object, not as Base64 text
        private synchronized static void saveKey(String filename,PrivateKey key) throws Exception {
            ObjectOutputStream out= new ObjectOutputStream(new FileOutputStream(filename));
            out.writeObject(key);
            out.close();
        }
        private synchronized static void saveKey(String filename,PublicKey key) throws Exception {
            ObjectOutputStream out= new ObjectOutputStream( new FileOutputStream(filename));
            out.writeObject(key);
            out.close();
        }
    }
    the public key is:
    How can I generate the key pairs in base 64 or binary????
    Thanks for helping me
    Luis Navarro Nuñez
    Santiago.
    Chile.
    South America.

    I don't use ABA but BouncyCastle
    this could help you :
    try
    {
        java.security.Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
        java.security.KeyPairGenerator kg = java.security.KeyPairGenerator.getInstance("RSA","BC");
        java.security.KeyPair kp = kg.generateKeyPair();
        java.security.Key pub = kp.getPublic();
        java.security.Key pri = kp.getPrivate();
        System.out.println("pub: " + pub);
        System.out.println("pri: " + pri);
        // DER encodings: X.509 for the public key, PKCS#8 for the private key
        byte[] pub_e = pub.getEncoded();
        byte[] pri_e = pri.getEncoded();
        java.io.PrintWriter o;
        java.io.DataInputStream i;
        java.io.File f;
        // Write both keys as Base64 text
        o = new java.io.PrintWriter(new java.io.FileOutputStream("d:/pub64"));
        o.println(new sun.misc.BASE64Encoder().encode(pub_e));
        o.close();
        o = new java.io.PrintWriter(new java.io.FileOutputStream("d:/pri64"));
        o.println(new sun.misc.BASE64Encoder().encode(pri_e));
        o.close();
        // Read the Base64 text back and decode it
        java.io.BufferedReader br = new java.io.BufferedReader(new java.io.FileReader("d:/pub64"));
        StringBuffer keyBase64 = new StringBuffer();
        String line = br.readLine ();
        while(line != null)
        {
            keyBase64.append (line);
            line = br.readLine ();
        }
        byte [] pubBytes = new sun.misc.BASE64Decoder().decodeBuffer(keyBase64.toString ());
        br = new java.io.BufferedReader(new java.io.FileReader("d:/pri64"));
        keyBase64 = new StringBuffer();
        line = br.readLine ();
        while(line != null)
        {
            keyBase64.append (line);
            line = br.readLine ();
        }
        byte [] priBytes = new sun.misc.BASE64Decoder().decodeBuffer(keyBase64.toString ());
        // Rebuild the key objects from the decoded bytes
        java.security.KeyFactory kf = java.security.KeyFactory.getInstance("RSA","BC");
        java.security.Key pubKey = kf.generatePublic(new java.security.spec.X509EncodedKeySpec(pubBytes));
        System.out.println("pub: " + pubKey);
        java.security.Key priKey = kf.generatePrivate(new java.security.spec.PKCS8EncodedKeySpec(priBytes));
        System.out.println("pri: " + priKey);
    }
    catch(Exception e)
    {
        e.printStackTrace ();
    }

  • Need help with Outlook 2013 connecting to Exchange server(2010)

    Hi
    I need help with Outlook 2013 and with my exchange server(2010) email account
    After setting up the account initially, emails come in and then after an hour or two stop. My OWA is working fine with no issues. I have even created a forward rule in OWA to my GMAIL account which works fine
    However Outlook 2013 is not syncing messages, and I have difficulty in sending emails sometimes as it takes too long.  In fact the connection also is intermittent. Even if the task bar shows connected to exchange, it seems that is not the case since new emails and any emails I compose don't work.  I have troubleshot the issue with my ISP and email service provider, but they haven't resolved the issue.  I have also done a TraceRoute and that shows no drops or problems to the exchange server.
    Can someone please help me resolve this matter so I can continue to use Outlook 2013( running Windows 8.1) in both my computers which have the identical problem
    Look forward to a solution soon
    Thanks

    Hi Angela
    Thanks for your message
    To answer your questions, please note the following
    a) My account is set up in Cache Mode( not online mode)
    b) I am the only other user on the account
    c) When the connection to the exchange server is broken, I see upon clicking connection tab that there is no information in the box, and when I press reconnect it starts showing "connecting"
    d) When the connection to the server is there, it shows  connection as "established"
    e) Sorry I don't understand the meaning of CAS array in your environment?  Can you pls explain
    Since yday I have been using Outlook 2010 on desktop and Outlook 2013 on my laptop using Exchange 2013 account.  So far all emails are syncing, and I can send emails from both computers. However, I am concerned that the connection can break off anytime, as it has done that in the past on both outlook versions.  The max time it has worked without any problem is 48 hrs and then after that the same issue of not connecting, not syncing and being unable to send emails happens
    My ISP has checked and there are no network connectivity issues. My email service provider has troubleshot the issue many times, but to no positive results.  I have also changed the profile a few times, but the intermittent connectivity problem hasn't been resolved.
    Can you identify the possible causes and more importantly a working permanent solution please
    Thanks
    Mahesh

  • I need help with my i tunes gift card(exchangable) that is damaged.Help please!!

    I need help with my i tunes gift card(exchangable) that is damaged.Help please!!

    iTunes Store: Invalid, inactive, or illegible codes
