RFC 2631 (rfc2631) - Page 2 of 13


Diffie-Hellman Key Agreement Method



Alternative Format: Original Text Document



RFC 2631          Diffie-Hellman Key Agreement Method          June 1999


   2.2.1.2. Generation of g . . . . . . . . . . . . . . . . . . .   9
   2.2.2. Group Parameter Validation  . . . . . . . . . . . . . .   9
   2.3. Ephemeral-Static Mode . . . . . . . . . . . . . . . . . .  10
   2.4. Static-Static Mode  . . . . . . . . . . . . . . . . . . .  10
   2.4. Acknowledgements  . . . . . . . . . . . . . . . . . . . .  10
   2.4. References  . . . . . . . . . . . . . . . . . . . . . . .  11
   Security Considerations  . . . . . . . . . . . . . . . . . . .  12
   Author's Address . . . . . . . . . . . . . . . . . . . . . . .  12
   Full Copyright Statement . . . . . . . . . . . . . . . . . . .  13

1.  Introduction

   In [DH76] Diffie and Hellman describe a means for two parties to
   agree upon a shared secret in such a way that the secret will be
   unavailable to eavesdroppers. This secret may then be converted into
   cryptographic keying material for other (symmetric) algorithms.  A
   large number of minor variants of this process exist. This document
   describes one such variant, based on the ANSI X9.42 specification.

1.1.  Requirements Terminology

   Keywords "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT" and
   "MAY" that appear in this document are to be interpreted as described
   in [RFC 2119].

2.  Overview Of Method

   Diffie-Hellman key agreement requires that both the sender and
   recipient of a message have key pairs. By combining one's private key
   and the other party's public key, both parties can compute the same
   shared secret number. This number can then be converted into
   cryptographic keying material.  That keying material is typically
   used as a key-encryption key (KEK) to encrypt (wrap) a content-
   encryption key (CEK) which is in turn used to encrypt the message
   data.

2.1.  Key Agreement

   The first stage of the key agreement process is to compute a shared
   secret number, called ZZ.  When the same originator and recipient
   public/private key pairs are used, the same ZZ value will result.
   The ZZ value is then converted into a shared symmetric cryptographic
   key. When the originator employs a static private/public key pair,
   the introduction of a public random value ensures that the resulting
   symmetric key will be different for each key agreement.






Rescorla                    Standards Track