ECDH Group 19 (256-bit Elliptic curve) key length

Tomas Mraz tomas at openssl.org
Mon Jul 8 12:53:09 UTC 2024


You should use some Key Derivation Function (KDF) to derive a key from
this shared secret. For example TLS-1.3 uses HKDF for that.

The best way would be to use TLS-1.3 (or some other standardized secure
protocol) directly instead of inventing and implementing your own
protocol though.

Tomas Mraz, OpenSSL


On Mon, 2024-07-08 at 12:47 +0000, Vishal Kevat via openssl-users
wrote:
> 
> 
> 
> Hi OpenSSL,
>  
> I am using group 19 which is ECDH elliptic curve group
> (NID_X9_62_prime256v1) and is giving 32 bytes/256 bit of shared secret
> key.
>  
> I want to use it to work with AES-128 CBC encryption algorithm. As
> the key length generated by ECDH is 32 bytes, is there any way to
> generate the key length of 16 bytes/128 bit with group 19 ECDH
> algorithm?
>  
> In one of the articles, it is mentioned that encryption or
> authentication algorithms with a 128-bit key to be used for Diffie-
> Hellman groups 5, 14, 19, 20 or 24.
> Link:
> https://community.cisco.com/t5/security-knowledge-base/diffie-hellman-groups/ta-p/3147010
> Please let me know if group 19 can generate 128 bit key length by any
> means.
>  
> Regards,
> Vishal Kevat

-- 
Tomáš Mráz, OpenSSL


