四方之间的 Diffie-Hellman 密钥交换
Diffie-Hellman key exchange with four parties
我正在尝试修改三方之间的 Diffie-Hellman 密钥交换示例。
这是代码。
// NOTE(review): fragment from the question. The key pairs, the KeyAgreement
// objects and toHexString are declared outside this excerpt.
// First pass (lastPhase = false): each call returns an intermediate key.
// Alice uses Carol's public key
Key ac = aliceKeyAgree.doPhase(carolKpair.getPublic(), false);
// Bob uses Alice's public key
Key ba = bobKeyAgree.doPhase(aliceKpair.getPublic(), false);
// Carol uses Bob's public key
Key cb = carolKeyAgree.doPhase(bobKpair.getPublic(), false);
// Sara uses Carol's public key.
// NOTE(review): no other party below consumes a value derived from Sara's
// key, so Alice, Bob and Carol still run the three-party exchange.
Key sc = saraKeyAgree.doPhase(carolKpair.getPublic(), false);
// Second pass, already flagged as the last one (lastPhase = true).
// Alice uses Carol's result from above
aliceKeyAgree.doPhase(cb, true);
// Bob uses Alice's result from above
bobKeyAgree.doPhase(ac, true);
// Carol uses Bob's result from above
carolKeyAgree.doPhase(ba, true);
// NOTE(review): Sara is fed her own first-pass output (sc), not a value
// produced by another party. Her result therefore never includes Alice's or
// Bob's private key, which is why her secret differs from the other three.
// With four parties each one needs three passes, not two.
saraKeyAgree.doPhase(sc,true);
// Alice, Bob, Carol and Sara compute their secrets.
// Printing the raw secret is only acceptable in a throwaway demo.
byte[] aliceSharedSecret = aliceKeyAgree.generateSecret();
System.out.println("Alice secret: " + toHexString(aliceSharedSecret));
byte[] bobSharedSecret = bobKeyAgree.generateSecret();
System.out.println("Bob secret: " + toHexString(bobSharedSecret));
byte[] carolSharedSecret = carolKeyAgree.generateSecret();
System.out.println("Carol secret: " + toHexString(carolSharedSecret));
byte[] saraSharedSecret = saraKeyAgree.generateSecret();
System.out.println("Sara secret: " + toHexString(saraSharedSecret));
// Compare Alice and Bob
if (!java.util.Arrays.equals(aliceSharedSecret, bobSharedSecret))
throw new Exception("Alice and Bob differ");
System.out.println("Alice and Bob are the same");
// Compare Bob and Carol
// NOTE(review): Sara's secret is printed above but never compared here, so
// this check passes even though the four-party agreement has failed.
if (!java.util.Arrays.equals(bobSharedSecret, carolSharedSecret))
throw new Exception("Bob and Carol differ");
System.out.println("Bob and Carol are the same");
最后,只有 3 个结果匹配,第四个不同。我在这里做错了什么?
更新答案
我还不是密码学家,所以我学到了很多东西,谢谢!
我已经重写了逻辑,完整示例发布在下面,供以后偶然看到这里的人参考。它也在 Compile Java 的沙箱中测试过。
我将尝试解释这里发生的事情,尽管如果有人阅读本文发现我的 implementation/explanation 中有任何明显的缺陷,请告诉我。我不能说我完全理解它或使用的 Java API 所以我非常感谢任何澄清。
说明
这使用了一些巧妙的数学运算,其中大部分由底层 API 处理,我们只需要告诉它做什么,以正确的顺序和正确的值。
生成器 g 和模数 p 被选择并在所有参与者之间共享。
Alice、Bob、Carol 和 Sara 各自选择私钥(A、B、C 和 S),并计算各自的公钥($g^A$、$g^B$、$g^C$、$g^S$),即 g 的私钥次幂,模 p。
每一方都需要把自己的运算结果传给下一方,并且每一方都要用上一方传来的值执行 n-1 次运算,其中 n 是参与方的数量。
全部完成后,每一方都已把 g 提升到所有参与者私钥乘积的次幂(模 p),而这种“计算并传递”的方式不会向其他人透露自己的私钥。
在第一轮中,每个参与者计算一个中间值($g^{AB}$、$g^{BC}$ 等):把左边参与者的公钥提升到自己私钥的次幂,模 p。
从第二轮起,他们重复这一过程,只是改用左边参与者上一轮的运算结果,把该结果提升到自己私钥的次幂,模 p。
重复这个传递和计算的过程,直到每个人都计算出 $g^{ABCS}$,它就是共享秘密。
由于数学上的性质(如果我没记错的话,是指数运算法则),
$g^{ABCS} = g^{BCSA} = g^{CSAB} = g^{SABC}$(均为模 p),依此类推。
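作为窃听者,Eve 可以看到 $g^A$、$g^B$、$g^C$、$g^S$、$g^{AB}$、$g^{BC}$、$g^{CS}$、$g^{SA}$、$g^{ABC}$、$g^{BCS}$、$g^{CSA}$,但无法用这些值的任何组合高效地算出 $g^{ABCS}$,因为她不知道 A、B、C 或 S 的值,这些私钥从不会被传输。注意:这一结论只针对被动窃听者;示例没有对公钥和中间值做任何身份认证,能够篡改消息的主动攻击者可以实施中间人攻击,因此实际使用时必须对这些值进行认证(例如使用数字签名)。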
这在理论上可以扩展到更多参与者,按照下面代码中的模式即可:加入一名新的参与者,把他加入每一轮的运算列表,然后再增加一轮,以确保每个人都执行了所需次数的运算。
我在下面添加了四位和五位参与者的示例代码。
有四个参与者的例子
import java.security.*;
import java.security.spec.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import javax.crypto.interfaces.*;
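/*
 * Runs the Diffie-Hellman key agreement protocol between 4 parties (Alice,
 * Bob, Carol and Sara) using one shared 2048-bit DH parameter set.
 *
 * The parties form a ring (Sara -> Alice -> Bob -> Carol -> Sara). In each
 * pass a party feeds the value produced by its left-hand neighbour into its
 * own KeyAgreement and hands the result on. With n parties that takes n-1
 * passes, the last one flagged lastPhase = true.
 *
 * Security notes for anyone adapting this demo:
 *  - Nothing here authenticates the public keys or the intermediate values,
 *    so on a real network an active attacker could substitute them.
 *    Authenticate them (for example with signatures) before calling doPhase.
 *  - The bytes from generateSecret() are the raw DH value; derive working
 *    keys from them with a key-derivation function instead of using them
 *    directly.
 *  - The secrets are printed only so the demo can be checked by eye; never
 *    log key material in production code.
 */
public class DHKeyAgreement4 {
    /* Upper-case hex digits, indexed by nibble value. */
    private static final char[] HEX_DIGITS = "0123456789ABCDEF".toCharArray();

    private DHKeyAgreement4() {}

    public static void main(String[] argv) throws Exception {
        // Alice creates her own DH key pair with 2048-bit key size
        KeyPairGenerator aliceKpairGen = KeyPairGenerator.getInstance("DH");
        aliceKpairGen.initialize(2048);
        KeyPair aliceKpair = aliceKpairGen.generateKeyPair();

        // All parties must work with the same parameters. They are taken from
        // Alice's public key here, but could also be built as a
        // DHParameterSpec from agreed-upon values.
        DHParameterSpec dhParamShared = ((DHPublicKey) aliceKpair.getPublic()).getParams();

        // Bob, Carol and Sara create their key pairs using the same params
        KeyPair bobKpair = newKeyPair(dhParamShared);
        KeyPair carolKpair = newKeyPair(dhParamShared);
        KeyPair saraKpair = newKeyPair(dhParamShared);

        // Each party initialises a KeyAgreement with its own private key
        KeyAgreement aliceKeyAgree = newAgreement(aliceKpair);
        KeyAgreement bobKeyAgree = newAgreement(bobKpair);
        KeyAgreement carolKeyAgree = newAgreement(carolKpair);
        KeyAgreement saraKeyAgree = newAgreement(saraKpair);

        // First pass: each party combines its left neighbour's public key
        // with its own private key.
        Key gSA = aliceKeyAgree.doPhase(saraKpair.getPublic(), false);
        Key gAB = bobKeyAgree.doPhase(aliceKpair.getPublic(), false);
        Key gBC = carolKeyAgree.doPhase(bobKpair.getPublic(), false);
        Key gCS = saraKeyAgree.doPhase(carolKpair.getPublic(), false);

        // Second pass: each party consumes its left neighbour's first-pass
        // result.
        Key gCSA = aliceKeyAgree.doPhase(gCS, false);
        Key gSAB = bobKeyAgree.doPhase(gSA, false);
        Key gABC = carolKeyAgree.doPhase(gAB, false);
        Key gBCS = saraKeyAgree.doPhase(gBC, false);

        // Third and last pass. The return value is ignored on purpose: the
        // JDK documents doPhase as returning null when a phase yields no
        // intermediate key, and the secret is read with generateSecret().
        aliceKeyAgree.doPhase(gBCS, true);
        bobKeyAgree.doPhase(gCSA, true);
        carolKeyAgree.doPhase(gSAB, true);
        saraKeyAgree.doPhase(gABC, true);

        // Alice, Bob, Carol and Sara compute their secrets
        byte[] aliceSharedSecret = aliceKeyAgree.generateSecret();
        System.out.println("Alice secret: " + toHexString(aliceSharedSecret));
        byte[] bobSharedSecret = bobKeyAgree.generateSecret();
        System.out.println("Bob secret: " + toHexString(bobSharedSecret));
        byte[] carolSharedSecret = carolKeyAgree.generateSecret();
        System.out.println("Carol secret: " + toHexString(carolSharedSecret));
        byte[] saraSharedSecret = saraKeyAgree.generateSecret();
        System.out.println("Sara secret: " + toHexString(saraSharedSecret));

        // Pairwise comparison along the chain covers all four parties
        reportMatch("Alice", aliceSharedSecret, "Bob", bobSharedSecret);
        reportMatch("Bob", bobSharedSecret, "Carol", carolSharedSecret);
        reportMatch("Carol", carolSharedSecret, "Sara", saraSharedSecret);
    }

    /*
     * Generates a DH key pair over the given shared parameters.
     */
    private static KeyPair newKeyPair(DHParameterSpec params) throws GeneralSecurityException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("DH");
        generator.initialize(params);
        return generator.generateKeyPair();
    }

    /*
     * Creates a DH KeyAgreement initialised with the pair's private key.
     */
    private static KeyAgreement newAgreement(KeyPair keyPair) throws GeneralSecurityException {
        KeyAgreement agreement = KeyAgreement.getInstance("DH");
        agreement.init(keyPair.getPrivate());
        return agreement;
    }

    /*
     * Prints whether two parties derived the same secret. Uses
     * MessageDigest.isEqual, the JDK's time-constant array comparison, so the
     * pattern stays safe if it is copied into code that compares real secrets.
     */
    private static void reportMatch(String first, byte[] firstSecret,
                                    String second, byte[] secondSecret) {
        boolean same = MessageDigest.isEqual(firstSecret, secondSecret);
        System.out.println(first + " and " + second + (same ? " are the same" : " differ"));
    }

    /*
     * Converts a byte to two hex digits and appends them to the buffer
     */
    private static void byte2hex(byte b, StringBuilder buf) {
        buf.append(HEX_DIGITS[(b & 0xf0) >> 4]);
        buf.append(HEX_DIGITS[b & 0x0f]);
    }

    /*
     * Converts a byte array to a colon-separated hex string
     */
    private static String toHexString(byte[] block) {
        // Single-threaded use, so the unsynchronised StringBuilder is enough
        StringBuilder buf = new StringBuilder();
        for (int i = 0; i < block.length; i++) {
            if (i > 0) {
                buf.append(":");
            }
            byte2hex(block[i], buf);
        }
        return buf.toString();
    }
}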
有五个参与者的例子
import java.security.*;
import java.security.spec.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import javax.crypto.interfaces.*;
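/*
 * Runs the Diffie-Hellman key agreement protocol between 5 parties (Alice,
 * Bob, Carol, Sara and Dave) using one shared 2048-bit DH parameter set.
 *
 * The parties form a ring (Dave -> Alice -> Bob -> Carol -> Sara -> Dave).
 * In each pass a party feeds the value produced by its left-hand neighbour
 * into its own KeyAgreement and hands the result on. Five parties need four
 * passes, the last one flagged lastPhase = true.
 *
 * Security notes for anyone adapting this demo:
 *  - Nothing here authenticates the public keys or the intermediate values,
 *    so on a real network an active attacker could substitute them.
 *    Authenticate them (for example with signatures) before calling doPhase.
 *  - The bytes from generateSecret() are the raw DH value; derive working
 *    keys from them with a key-derivation function instead of using them
 *    directly.
 *  - The secrets are printed only so the demo can be checked by eye; never
 *    log key material in production code.
 */
public class DHKeyAgreement5 {
    /* Upper-case hex digits, indexed by nibble value. */
    private static final char[] HEX_DIGITS = "0123456789ABCDEF".toCharArray();

    private DHKeyAgreement5() {}

    public static void main(String[] argv) throws Exception {
        // Alice creates her own DH key pair with 2048-bit key size
        KeyPairGenerator aliceKpairGen = KeyPairGenerator.getInstance("DH");
        aliceKpairGen.initialize(2048);
        KeyPair aliceKpair = aliceKpairGen.generateKeyPair();

        // All parties must work with the same parameters. They are taken from
        // Alice's public key here, but could also be built as a
        // DHParameterSpec from agreed-upon values.
        DHParameterSpec dhParamShared = ((DHPublicKey) aliceKpair.getPublic()).getParams();

        // Bob, Carol, Sara and Dave create their key pairs using the same params
        KeyPair bobKpair = newKeyPair(dhParamShared);
        KeyPair carolKpair = newKeyPair(dhParamShared);
        KeyPair saraKpair = newKeyPair(dhParamShared);
        KeyPair daveKpair = newKeyPair(dhParamShared);

        // Each party initialises a KeyAgreement with its own private key
        KeyAgreement aliceKeyAgree = newAgreement(aliceKpair);
        KeyAgreement bobKeyAgree = newAgreement(bobKpair);
        KeyAgreement carolKeyAgree = newAgreement(carolKpair);
        KeyAgreement saraKeyAgree = newAgreement(saraKpair);
        KeyAgreement daveKeyAgree = newAgreement(daveKpair);

        // First pass: each party combines its left neighbour's public key
        // with its own private key.
        Key gDA = aliceKeyAgree.doPhase(daveKpair.getPublic(), false);
        Key gAB = bobKeyAgree.doPhase(aliceKpair.getPublic(), false);
        Key gBC = carolKeyAgree.doPhase(bobKpair.getPublic(), false);
        Key gCS = saraKeyAgree.doPhase(carolKpair.getPublic(), false);
        Key gSD = daveKeyAgree.doPhase(saraKpair.getPublic(), false);

        // Second pass: each party consumes its left neighbour's first-pass
        // result.
        Key gSDA = aliceKeyAgree.doPhase(gSD, false);
        Key gDAB = bobKeyAgree.doPhase(gDA, false);
        Key gABC = carolKeyAgree.doPhase(gAB, false);
        Key gBCS = saraKeyAgree.doPhase(gBC, false);
        Key gCSD = daveKeyAgree.doPhase(gCS, false);

        // Third pass: same pattern with the second-pass results.
        Key gCSDA = aliceKeyAgree.doPhase(gCSD, false);
        Key gSDAB = bobKeyAgree.doPhase(gSDA, false);
        Key gDABC = carolKeyAgree.doPhase(gDAB, false);
        Key gABCS = saraKeyAgree.doPhase(gABC, false);
        Key gBCSD = daveKeyAgree.doPhase(gBCS, false);

        // Fourth and last pass. The return value is ignored on purpose: the
        // JDK documents doPhase as returning null when a phase yields no
        // intermediate key, and the secret is read with generateSecret().
        aliceKeyAgree.doPhase(gBCSD, true);
        bobKeyAgree.doPhase(gCSDA, true);
        carolKeyAgree.doPhase(gSDAB, true);
        saraKeyAgree.doPhase(gDABC, true);
        daveKeyAgree.doPhase(gABCS, true);

        // Alice, Bob, Carol, Sara and Dave compute their secrets
        byte[] aliceSharedSecret = aliceKeyAgree.generateSecret();
        System.out.println("Alice secret: " + toHexString(aliceSharedSecret));
        byte[] bobSharedSecret = bobKeyAgree.generateSecret();
        System.out.println("Bob secret: " + toHexString(bobSharedSecret));
        byte[] carolSharedSecret = carolKeyAgree.generateSecret();
        System.out.println("Carol secret: " + toHexString(carolSharedSecret));
        byte[] saraSharedSecret = saraKeyAgree.generateSecret();
        System.out.println("Sara secret: " + toHexString(saraSharedSecret));
        byte[] daveSharedSecret = daveKeyAgree.generateSecret();
        System.out.println("Dave secret: " + toHexString(daveSharedSecret));

        // Pairwise comparison along the chain covers all five parties
        reportMatch("Alice", aliceSharedSecret, "Bob", bobSharedSecret);
        reportMatch("Bob", bobSharedSecret, "Carol", carolSharedSecret);
        reportMatch("Carol", carolSharedSecret, "Sara", saraSharedSecret);
        reportMatch("Sara", saraSharedSecret, "Dave", daveSharedSecret);
    }

    /*
     * Generates a DH key pair over the given shared parameters.
     */
    private static KeyPair newKeyPair(DHParameterSpec params) throws GeneralSecurityException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("DH");
        generator.initialize(params);
        return generator.generateKeyPair();
    }

    /*
     * Creates a DH KeyAgreement initialised with the pair's private key.
     */
    private static KeyAgreement newAgreement(KeyPair keyPair) throws GeneralSecurityException {
        KeyAgreement agreement = KeyAgreement.getInstance("DH");
        agreement.init(keyPair.getPrivate());
        return agreement;
    }

    /*
     * Prints whether two parties derived the same secret. Uses
     * MessageDigest.isEqual, the JDK's time-constant array comparison, so the
     * pattern stays safe if it is copied into code that compares real secrets.
     */
    private static void reportMatch(String first, byte[] firstSecret,
                                    String second, byte[] secondSecret) {
        boolean same = MessageDigest.isEqual(firstSecret, secondSecret);
        System.out.println(first + " and " + second + (same ? " are the same" : " differ"));
    }

    /*
     * Converts a byte to two hex digits and appends them to the buffer
     */
    private static void byte2hex(byte b, StringBuilder buf) {
        buf.append(HEX_DIGITS[(b & 0xf0) >> 4]);
        buf.append(HEX_DIGITS[b & 0x0f]);
    }

    /*
     * Converts a byte array to a colon-separated hex string
     */
    private static String toHexString(byte[] block) {
        // Single-threaded use, so the unsynchronised StringBuilder is enough
        StringBuilder buf = new StringBuilder();
        for (int i = 0; i < block.length; i++) {
            if (i > 0) {
                buf.append(":");
            }
            byte2hex(block[i], buf);
        }
        return buf.toString();
    }
}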
我正在尝试修改三方之间的 Diffie-Hellman 密钥交换示例。这是代码。
// NOTE(review): fragment from the question. The key pairs, the KeyAgreement
// objects and toHexString are declared outside this excerpt.
// First pass (lastPhase = false): each call returns an intermediate key.
// Alice uses Carol's public key
Key ac = aliceKeyAgree.doPhase(carolKpair.getPublic(), false);
// Bob uses Alice's public key
Key ba = bobKeyAgree.doPhase(aliceKpair.getPublic(), false);
// Carol uses Bob's public key
Key cb = carolKeyAgree.doPhase(bobKpair.getPublic(), false);
// Sara also uses Carol's public key.
// NOTE(review): Alice, Bob and Carol never receive anything that involves
// Sara's private key, so their ring is closed without her.
Key sc = saraKeyAgree.doPhase(carolKpair.getPublic(), false);
// Second pass, already flagged as the last one (lastPhase = true).
// Alice uses Carol's result from above
aliceKeyAgree.doPhase(cb, true);
// Bob uses Alice's result from above
bobKeyAgree.doPhase(ac, true);
// Carol uses Bob's result from above
carolKeyAgree.doPhase(ba, true);
// NOTE(review): Sara finishes with her own first-pass output (sc), so her
// private key is applied twice while Alice's and Bob's are never applied.
// That is the reason three secrets match and the fourth does not; four
// parties need three passes around one ring that includes everyone.
saraKeyAgree.doPhase(sc,true);
// Alice, Bob, Carol and Sara compute their secrets.
// Printing the raw secret is only acceptable in a throwaway demo.
byte[] aliceSharedSecret = aliceKeyAgree.generateSecret();
System.out.println("Alice secret: " + toHexString(aliceSharedSecret));
byte[] bobSharedSecret = bobKeyAgree.generateSecret();
System.out.println("Bob secret: " + toHexString(bobSharedSecret));
byte[] carolSharedSecret = carolKeyAgree.generateSecret();
System.out.println("Carol secret: " + toHexString(carolSharedSecret));
byte[] saraSharedSecret = saraKeyAgree.generateSecret();
System.out.println("Sara secret: " + toHexString(saraSharedSecret));
// Compare Alice and Bob
if (!java.util.Arrays.equals(aliceSharedSecret, bobSharedSecret))
throw new Exception("Alice and Bob differ");
System.out.println("Alice and Bob are the same");
// Compare Bob and Carol
// NOTE(review): there is no comparison involving Sara's secret, so the
// mismatch only shows up in the printed hex above.
if (!java.util.Arrays.equals(bobSharedSecret, carolSharedSecret))
throw new Exception("Bob and Carol differ");
System.out.println("Bob and Carol are the same");
最后,只有 3 个结果匹配,第四个不同。我在这里做错了什么?
更新答案
我还不是密码学家,所以我学到了很多东西,谢谢!
我已经重写了逻辑,完整示例发布在下面,供以后偶然看到这里的人参考。它也在 Compile Java 的沙箱中测试过。
我会尝试解释这里发生的事情;如果有人读到本文时发现我的实现或解释中有明显的缺陷,请告诉我。我不能说自己完全理解了它或所用的 Java API,所以非常感谢任何澄清。
说明
这使用了一些巧妙的数学运算,其中大部分由底层 API 处理,我们只需要告诉它做什么,以正确的顺序和正确的值。
生成器 g 和模数 p 被选择并在所有参与者之间共享。
Alice、Bob、Carol 和 Sara 各自选择私钥(A、B、C 和 S),并计算各自的公钥($g^A$、$g^B$、$g^C$、$g^S$),即 g 的私钥次幂,模 p。
每一方都需要把自己的运算结果传给下一方,并且每一方都要用上一方传来的值执行 n-1 次运算,其中 n 是参与方的数量。
全部完成后,每一方都已把 g 提升到所有参与者私钥乘积的次幂(模 p),而这种“计算并传递”的方式不会向其他人透露自己的私钥。
在第一轮中,每个参与者计算一个中间值($g^{AB}$、$g^{BC}$ 等):把左边参与者的公钥提升到自己私钥的次幂,模 p。
从第二轮起,他们重复这一过程,只是改用左边参与者上一轮的运算结果,把该结果提升到自己私钥的次幂,模 p。
重复这个传递和计算的过程,直到每个人都计算出 $g^{ABCS}$,它就是共享秘密。
由于数学上的性质(如果我没记错的话,是指数运算法则),$g^{ABCS} = g^{BCSA} = g^{CSAB} = g^{SABC}$(均为模 p),依此类推。
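作为窃听者,Eve 可以看到 $g^A$、$g^B$、$g^C$、$g^S$、$g^{AB}$、$g^{BC}$、$g^{CS}$、$g^{SA}$、$g^{ABC}$、$g^{BCS}$、$g^{CSA}$,但无法用这些值的任何组合高效地算出 $g^{ABCS}$,因为她不知道 A、B、C 或 S 的值,这些私钥从不会被传输。注意:这一结论只针对被动窃听者;示例没有对公钥和中间值做任何身份认证,能够篡改消息的主动攻击者可以实施中间人攻击,因此实际使用时必须对这些值进行认证(例如使用数字签名)。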
这在理论上可以扩展到更多参与者,按照下面代码中的模式即可:加入一名新的参与者,把他加入每一轮的运算列表,然后再增加一轮,以确保每个人都执行了所需次数的运算。
我在下面添加了四位和五位参与者的示例代码。
有四个参与者的例子
import java.security.*;
import java.security.spec.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import javax.crypto.interfaces.*;
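/*
 * This program executes the Diffie-Hellman key agreement protocol between
 * 4 parties: Alice, Bob, Carol and Sara using a shared 2048-bit DH parameter.
 *
 * The ring wiring is written once as a loop instead of one statement per
 * party and pass: party i always consumes what party i-1 (wrapping around)
 * produced in the previous pass, and n parties run n-1 passes. Hand-wiring
 * those steps is where multi-party DH examples usually go wrong.
 *
 * Adapting this outside a demo needs more than the arithmetic shown here:
 * the exchanged public keys and intermediate values are not authenticated,
 * the raw generateSecret() output should go through a key-derivation
 * function before it is used as a key, and secrets must not be printed.
 */
public class DHKeyAgreement4 {
    /* Party names in ring order; each party's left neighbour is the previous entry. */
    private static final String[] PARTY_NAMES = {"Alice", "Bob", "Carol", "Sara"};

    private static final String HEX_DIGITS = "0123456789ABCDEF";

    private DHKeyAgreement4() {}

    public static void main(String[] argv) throws Exception {
        int n = PARTY_NAMES.length;
        KeyPair[] keyPairs = new KeyPair[n];

        // The first party creates a DH key pair with 2048-bit key size
        KeyPairGenerator firstGen = KeyPairGenerator.getInstance("DH");
        firstGen.initialize(2048);
        keyPairs[0] = firstGen.generateKeyPair();

        // These DH parameters can also be constructed by creating a
        // DHParameterSpec object using agreed-upon values
        DHParameterSpec dhParamShared = ((DHPublicKey) keyPairs[0].getPublic()).getParams();

        // Every other party creates its key pair using the same params
        for (int i = 1; i < n; i++) {
            KeyPairGenerator gen = KeyPairGenerator.getInstance("DH");
            gen.initialize(dhParamShared);
            keyPairs[i] = gen.generateKeyPair();
        }

        // Each party initialises a KeyAgreement with its own private key
        KeyAgreement[] agreements = new KeyAgreement[n];
        for (int i = 0; i < n; i++) {
            agreements[i] = KeyAgreement.getInstance("DH");
            agreements[i].init(keyPairs[i].getPrivate());
        }

        // incoming[i] is what party i feeds into doPhase in the next pass.
        // It starts out as the left neighbour's public key.
        Key[] incoming = new Key[n];
        for (int i = 0; i < n; i++) {
            incoming[i] = keyPairs[(i + n - 1) % n].getPublic();
        }

        for (int pass = 1; pass <= n - 1; pass++) {
            boolean lastPhase = (pass == n - 1);
            Key[] produced = new Key[n];
            for (int i = 0; i < n; i++) {
                produced[i] = agreements[i].doPhase(incoming[i], lastPhase);
            }
            // After the last pass there is nothing to hand on; the secret is
            // read with generateSecret() below.
            if (!lastPhase) {
                for (int i = 0; i < n; i++) {
                    incoming[i] = produced[(i + n - 1) % n];
                }
            }
        }

        // All parties compute their secrets
        byte[][] secrets = new byte[n][];
        for (int i = 0; i < n; i++) {
            secrets[i] = agreements[i].generateSecret();
            System.out.println(PARTY_NAMES[i] + " secret: " + toHexString(secrets[i]));
        }

        // Compare neighbours along the chain. MessageDigest.isEqual is the
        // JDK's time-constant comparison, the right habit for secret bytes.
        for (int i = 0; i + 1 < n; i++) {
            boolean same = MessageDigest.isEqual(secrets[i], secrets[i + 1]);
            System.out.println(PARTY_NAMES[i] + " and " + PARTY_NAMES[i + 1]
                    + (same ? " are the same" : " differ"));
        }
    }

    /*
     * Converts a byte array to a hex string, bytes separated by ':'
     */
    private static String toHexString(byte[] block) {
        StringBuilder buf = new StringBuilder();
        for (int i = 0; i < block.length; i++) {
            if (i > 0) {
                buf.append(":");
            }
            buf.append(HEX_DIGITS.charAt((block[i] & 0xf0) >> 4));
            buf.append(HEX_DIGITS.charAt(block[i] & 0x0f));
        }
        return buf.toString();
    }
}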
有五个参与者的例子
import java.security.*;
import java.security.spec.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import javax.crypto.interfaces.*;
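/*
 * This program executes the Diffie-Hellman key agreement protocol between
 * 5 parties: Alice, Bob, Carol, Sara and Dave using a shared 2048-bit DH parameter.
 *
 * The ring wiring is written once as a loop instead of one statement per
 * party and pass: party i always consumes what party i-1 (wrapping around)
 * produced in the previous pass, and n parties run n-1 passes. Hand-wiring
 * those steps is where multi-party DH examples usually go wrong.
 *
 * Adapting this outside a demo needs more than the arithmetic shown here:
 * the exchanged public keys and intermediate values are not authenticated,
 * the raw generateSecret() output should go through a key-derivation
 * function before it is used as a key, and secrets must not be printed.
 */
public class DHKeyAgreement5 {
    /* Party names in ring order; each party's left neighbour is the previous entry. */
    private static final String[] PARTY_NAMES = {"Alice", "Bob", "Carol", "Sara", "Dave"};

    private static final String HEX_DIGITS = "0123456789ABCDEF";

    private DHKeyAgreement5() {}

    public static void main(String[] argv) throws Exception {
        int n = PARTY_NAMES.length;
        KeyPair[] keyPairs = new KeyPair[n];

        // The first party creates a DH key pair with 2048-bit key size
        KeyPairGenerator firstGen = KeyPairGenerator.getInstance("DH");
        firstGen.initialize(2048);
        keyPairs[0] = firstGen.generateKeyPair();

        // These DH parameters can also be constructed by creating a
        // DHParameterSpec object using agreed-upon values
        DHParameterSpec dhParamShared = ((DHPublicKey) keyPairs[0].getPublic()).getParams();

        // Every other party creates its key pair using the same params
        for (int i = 1; i < n; i++) {
            KeyPairGenerator gen = KeyPairGenerator.getInstance("DH");
            gen.initialize(dhParamShared);
            keyPairs[i] = gen.generateKeyPair();
        }

        // Each party initialises a KeyAgreement with its own private key
        KeyAgreement[] agreements = new KeyAgreement[n];
        for (int i = 0; i < n; i++) {
            agreements[i] = KeyAgreement.getInstance("DH");
            agreements[i].init(keyPairs[i].getPrivate());
        }

        // incoming[i] is what party i feeds into doPhase in the next pass.
        // It starts out as the left neighbour's public key.
        Key[] incoming = new Key[n];
        for (int i = 0; i < n; i++) {
            incoming[i] = keyPairs[(i + n - 1) % n].getPublic();
        }

        for (int pass = 1; pass <= n - 1; pass++) {
            boolean lastPhase = (pass == n - 1);
            Key[] produced = new Key[n];
            for (int i = 0; i < n; i++) {
                produced[i] = agreements[i].doPhase(incoming[i], lastPhase);
            }
            // After the last pass there is nothing to hand on; the secret is
            // read with generateSecret() below.
            if (!lastPhase) {
                for (int i = 0; i < n; i++) {
                    incoming[i] = produced[(i + n - 1) % n];
                }
            }
        }

        // All parties compute their secrets
        byte[][] secrets = new byte[n][];
        for (int i = 0; i < n; i++) {
            secrets[i] = agreements[i].generateSecret();
            System.out.println(PARTY_NAMES[i] + " secret: " + toHexString(secrets[i]));
        }

        // Compare neighbours along the chain. MessageDigest.isEqual is the
        // JDK's time-constant comparison, the right habit for secret bytes.
        for (int i = 0; i + 1 < n; i++) {
            boolean same = MessageDigest.isEqual(secrets[i], secrets[i + 1]);
            System.out.println(PARTY_NAMES[i] + " and " + PARTY_NAMES[i + 1]
                    + (same ? " are the same" : " differ"));
        }
    }

    /*
     * Converts a byte array to a hex string, bytes separated by ':'
     */
    private static String toHexString(byte[] block) {
        StringBuilder buf = new StringBuilder();
        for (int i = 0; i < block.length; i++) {
            if (i > 0) {
                buf.append(":");
            }
            buf.append(HEX_DIGITS.charAt((block[i] & 0xf0) >> 4));
            buf.append(HEX_DIGITS.charAt(block[i] & 0x0f));
        }
        return buf.toString();
    }
}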