ECDH Group 19 (256-bit Elliptic curve) key length
Tomas Mraz
tomas at openssl.org
Mon Jul 8 12:53:09 UTC 2024
You should use some Key Derivation Function (KDF) to derive a key from
this shared secret. For example TLS-1.3 uses HKDF for that.
The best way would be to use TLS-1.3 (or some other standardized secure
protocol) directly instead of inventing and implementing your own
protocol though.
Tomas Mraz, OpenSSL
On Mon, 2024-07-08 at 12:47 +0000, Vishal Kevat via openssl-users
wrote:
>
> Hi OpenSSL,
>
> I am using group 19 which is ECDH elliptic curve group
> (NID_X9_62_prime256v1) and is giving 32 bytes/256 bit of shared secret
> key.
>
> I want to use it to work with AES-128 CBC encryption algorithm. As
> the key length generated by ECDH is 32 bytes, is there any way to
> generate the key length of 16 bytes/128 bit with group 19 ECDH
> algorithm?
>
> In one of the articles, it is mentioned that encryption or
> authentication algorithms with a 128-bit key to be used for Diffie-
> Hellman groups 5, 14, 19, 20 or 24.
> Link:
> https://community.cisco.com/t5/security-knowledge-base/diffie-hellman-groups/ta-p/3147010
> Please let me know if group 19 can generate 128 bit key length by any
> means.
>
> Regards,
> Vishal Kevat
--
Tomáš Mráz, OpenSSL