Bouncy Castle Diffie-Hellman DHParams Issue

<p>I am trying to use the Bouncy Castle .NET libraries to perform Diffie-Hellman key exchange and am running into a problem when generating the DHParams object.</p>

<p>My solution will include a central authority which will generate a separate DH key pair for each client that connects. The idea is that I will keep a separate DH key agreement for each client that connects. I will then send the p,g value to the client, where the client will calculate its DH key agreement. I want to generate different p,g values for each client. I am using BigInteger for that but am running into some problems.</p>

<p>When I try to create a new DHParameters object, it throws the following exception whenever I use a bit length other than 768:</p>

<pre><code>System.ArgumentException was unhandled
  Message="generator must in the range [2, p - 2]\r\nParameter name: g"
  Source="BouncyCastle.Crypto"
  ParamName="g"
  StackTrace:
       at Org.BouncyCastle.Crypto.Parameters.DHParameters..ctor(BigInteger p, BigInteger g, BigInteger q, Int32 m, Int32 l, BigInteger j, DHValidationParameters validation)
       at Org.BouncyCastle.Crypto.Parameters.DHParameters..ctor(BigInteger p, BigInteger g, BigInteger q, Int32 l)
       at TestDH.Program.Main(String[] args) in C:\dev\source\TestDH\TestDH\Program.cs:line 30
       at System.AppDomain._nExecuteAssembly(Assembly assembly, String[] args)
       at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
       at System.Threading.ThreadHelper.ThreadStart()
  InnerException: "generator must in the range [2, p - 2]"
</code></pre>

<p>I'm not sure if it matters, but I've tried all kinds of different values for certainty in the BigInteger constructor.</p>

<p>Here is my code:</p>

<pre><code>SecureRandom sr = new SecureRandom();

// p,g generation, done by central authority
BigInteger g512 = new BigInteger(512, 30, sr);
BigInteger p512 = new BigInteger(512, 30, sr);

// p,g is then sent to client from central authority

// common - performed by both server and client sides
IAsymmetricCipherKeyPairGenerator keyGen = GeneratorUtilities.GetKeyPairGenerator("DH");
DHParameters dhParams = new DHParameters(p512, g512, null, 512); // Here is where I get the exception if the first parameter of BigInteger is not 768 or larger
</code></pre>

<p>The issue is that it takes too long to generate the 768-bit prime number: upwards of 5 seconds on a dual-core 2.1 GHz processor with no other processes running. That's just too big of a penalty to incur with each client that initiates a connection. I would like to use smaller bit lengths for the BigInteger.</p>

<p>I'm probably doing this completely wrong. There is scant documentation on how to do DH with Bouncy Castle, and the tests/examples just don't match my use case. I don't want to have pre-generated p,g values.</p>

<p><strong>EDIT</strong> It seems even the 768 bit length gives errors once in a while. After restarting my machine I could get no bit lengths other than 1024 to work, and even then only about 80% of the time. I think I'm doing something wrong.</p>
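<p>When p and g are drawn as two unrelated primes of the same bit length, the bound quoted in the exception fails whenever g is at least p. The following is an added example, not code from the post or from the Bouncy Castle project: it counts how often that happens and shows a check a client could run on received parameters. <code>DhParamCheck</code> and <code>Reject</code> are hypothetical names, and the sizes are the ones used in the question.</p>

```csharp
using System;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Security;

static class DhParamCheck   // hypothetical helper, not part of Bouncy Castle
{
    // Client-side check of (p, g) received from the central authority.
    // Returns null when the pair is acceptable, otherwise the reason for rejection.
    public static string Reject(BigInteger p, BigInteger g, int minBits, int certainty)
    {
        if (p.BitLength < minBits) return "p is shorter than the agreed size";
        if (!p.IsProbablePrime(certainty)) return "p is not prime";
        BigInteger q = p.ShiftRight(1);              // (p - 1) / 2 for odd p
        if (!q.IsProbablePrime(certainty)) return "p is not a safe prime";
        // Same bound the DHParameters constructor enforces. With a safe prime,
        // every g in [2, p - 2] has order q or 2q, so no small subgroup remains.
        if (g.CompareTo(BigInteger.Two) < 0 || g.CompareTo(p.Subtract(BigInteger.Two)) > 0)
            return "g is outside [2, p - 2]";
        return null;
    }

    static void Main()
    {
        const int bits = 512, certainty = 30, trials = 10;
        SecureRandom sr = new SecureRandom();

        // The question's approach: p and g are independent primes of equal length.
        int outOfRange = 0;
        for (int i = 0; i < trials; i++)
        {
            BigInteger p = new BigInteger(bits, certainty, sr);
            BigInteger g = new BigInteger(bits, certainty, sr);
            if (g.CompareTo(p.Subtract(BigInteger.Two)) > 0) outOfRange++;
        }
        Console.WriteLine("independent p,g: {0}/{1} pairs have g > p - 2", outOfRange, trials);

        // Library generator: produces a safe prime p together with a matching g.
        DHParametersGenerator gen = new DHParametersGenerator();
        gen.Init(bits, certainty, sr);
        DHParameters dh = gen.GenerateParameters();
        Console.WriteLine("generated p,g: {0}", Reject(dh.P, dh.G, bits, certainty) ?? "accepted");
    }
}
```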
 
