DH_generate_key

Narayana, Sunil Kumar sanarayana at rbbn.com
Tue Dec 8 17:43:47 UTC 2020


Dear openssl team,

While migrating from 1.0.2 to 3.0, we found that DH_generate_key() has been deprecated. As per the man page, it is advised to use EVP_PKEY_derive_init<https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_derive_init.html> & EVP_PKEY_derive<https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_derive.html>.
Our application creates a new DH and, using DH_generate_key(), creates pub_key/priv_key and uses it. How can we replace this exactly with EVP?
And please suggest what EVP APIs we should use to generate pub/priv keys.

Application code

    dh = DH_new();
    dh->p = BN_bin2bn(modSize, octet_len, NULL);
    dh->g = BN_bin2bn(H235Bits_generator, H235Bits_generator_len / 8, NULL);

    if ( ! DH_generate_key(dh) )
    {
        return FAILURE;
    }
    n = (unsigned) BN_num_bytes(dh->pub_key);

    BN_bn2bin(dh->pub_key, p);
    n = (unsigned) BN_num_bytes(dh->priv_key);


Instead of the above logic, can we do this? Does derive generate the pub/priv keys?

    // create ctx
    ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
    EVP_PKEY_derive_init(ctx);


Regards,
Sunil

