Diffie-Hellman Proof-of-Possession Algorithms
RFC 2875 Diffie-Hellman Proof-of-Possession Algorithms July 2000

2. Terminology

   The following definitions will be used in this document:

   DH certificate = a certificate whose SubjectPublicKey is a DH public
   value and is signed with any signature algorithm (e.g. RSA or DSA).

3. Static DH Proof-of-Possession Process

   The steps for creating a DH POP are:

   1. An entity (E) chooses the group parameters for a DH key
      agreement.

      This is done simply by selecting the group parameters from a
      certificate for the recipient of the POP process.

      A certificate with the correct group parameters has to be
      available. Let these common DH parameters be g and p; and let
      this DH key-pair be known as the Recipient key pair (Rpub and
      Rpriv).

         Rpub = g^x mod p      (where x=Rpriv, the private DH value and
                                ^ denotes exponentiation)

   2. The entity generates a DH public/private key-pair using the
      parameters from step 1.

      For an entity E:

         Epriv = DH private value = y
         Epub  = DH public value  = g^y mod p

   3. The POP computation process will then consist of:

      a) The value to be signed is obtained. (For an RFC 2314 object,
         the value is the DER encoded certificationRequestInfo field
         represented as an octet string.) This will be the `text'
         referred to in [RFC 2104], the data to which HMAC-SHA1 is
         applied.

      b) A shared DH secret is computed, as follows,

            shared secret = ZZ = g^(xy) mod p
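
Steps 1 through 3(b) above, as an added example that is not part of the RFC text: the entity reuses the recipient's g and p, generates its own key pair, and both sides arrive at the same ZZ. The toy group (p = 2^127 - 1, g = 3), the function names, and the range check on public values are assumptions made for illustration; the example stops at ZZ, the last step shown on this page.

```python
import secrets

# Constructed toy group for illustration only: p = 2^127 - 1 (a Mersenne
# prime) and g = 3. Real parameters come from the recipient's DH certificate.
P = 2**127 - 1
G = 3

def check_public(pub, p):
    """Reject degenerate public values (added defensive check, an assumption)."""
    if not 2 <= pub <= p - 2:
        raise ValueError("DH public value out of range")
    return pub

def generate_keypair(g, p):
    """Step 2: choose a private value and compute g^priv mod p in the same group."""
    while True:
        priv = secrets.randbelow(p - 3) + 2      # uniform in [2, p-2]
        pub = pow(g, priv, p)
        if 2 <= pub <= p - 2:                    # retry on a degenerate result
            return priv, pub

def entity_shared_secret(rpub, g, p):
    """Entity side of steps 1-3(b): returns (Epriv, Epub, ZZ)."""
    check_public(rpub, p)                        # Rpub taken from the certificate
    epriv, epub = generate_keypair(g, p)
    zz = pow(rpub, epriv, p)                     # (g^x)^y mod p
    return epriv, epub, zz

def recipient_shared_secret(epub, rpriv, p):
    """Recipient side: recompute ZZ from the requester's Epub and its own Rpriv."""
    check_public(epub, p)
    return pow(epub, rpriv, p)                   # (g^y)^x mod p

if __name__ == "__main__":
    rpriv, rpub = generate_keypair(G, P)         # stands in for the certified key pair
    epriv, epub, zz_entity = entity_shared_secret(rpub, G, P)
    zz_recipient = recipient_shared_secret(epub, rpriv, P)
    print("ZZ matches on both sides:", zz_entity == zz_recipient)
```

Only a party holding Epriv or Rpriv can compute ZZ, which is why a value keyed on it can demonstrate possession of the private DH value.
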
Prafullchandra & Schaad Standards Track