

Diffie-Hellman Proof-of-Possession Algorithms






RFC 2875     Diffie-Hellman Proof-of-Possession Algorithms     July 2000


2. Terminology

   The following definitions will be used in this document:

   DH certificate = a certificate whose SubjectPublicKey is a DH public
   value and is signed with any signature algorithm (e.g. RSA or DSA).

3. Static DH Proof-of-Possession Process

   The steps for creating a DH POP are:

   1. An entity (E) chooses the group parameters for a DH key
      agreement.

      This is done simply by selecting the group parameters from a
      certificate for the recipient of the POP process.

      A certificate with the correct group parameters has to be
      available. Let these common DH parameters be g and p; and let
      this DH key-pair be known as the Recipient key pair (Rpub and
      Rpriv).

      Rpub = g^x mod p         (where x=Rpriv, the private DH value and
                                ^ denotes exponentiation)

   2. The entity generates a DH public/private key-pair using the
      parameters from step 1.

      For an entity E:

         Epriv = DH private value = y
         Epub  = DH public value  = g^y mod p

   3. The POP computation process will then consist of:

      a) The value to be signed is obtained. (For an RFC 2314 object, the
         value is the DER encoded certificationRequestInfo field
         represented as an octet string.) This will be the `text'
         referred to in [RFC 2104], the data to which HMAC-SHA1 is
         applied.

      b) A shared DH secret is computed as follows:

                shared secret = ZZ = g^(xy) mod p
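
   Steps 1, 2 and 3b above, as an added example that is not part of the RFC text: entity E takes g and p from the recipient's certificate, generates its own key pair, and both sides arrive at the same ZZ. The dictionary standing in for a certificate, the function names, the demo group and the range check on the peer's public value are assumptions made for illustration.

```python
import secrets

# Constructed demo group (assumption): p = 2**127 - 1 is prime, g = 3.
# Far too small for real use; a real p and g come from the recipient's certificate.
DEMO_P = 2**127 - 1
DEMO_G = 3

def generate_keypair(g, p):
    """Private value in [2, p-2] and the matching public value g^priv mod p."""
    priv = secrets.randbelow(p - 3) + 2
    return priv, pow(g, priv, p)

def check_public_value(pub, p):
    """Added hardening (not from this page): reject values outside 2..p-2."""
    if not 1 < pub < p - 1:
        raise ValueError("DH public value out of range")
    return pub

def shared_secret(own_priv, peer_pub, p):
    """Step 3b: ZZ = peer_pub^own_priv mod p, i.e. g^(xy) mod p."""
    return pow(check_public_value(peer_pub, p), own_priv, p)

def make_recipient_cert(g=DEMO_G, p=DEMO_P):
    """Hypothetical stand-in for a DH certificate: returns (Rpriv, cert fields)."""
    r_priv, r_pub = generate_keypair(g, p)
    return r_priv, {"g": g, "p": p, "Rpub": r_pub}

def entity_pop_setup(recipient_cert):
    """Steps 1, 2 and 3b as performed by entity E."""
    g, p = recipient_cert["g"], recipient_cert["p"]          # step 1
    e_priv, e_pub = generate_keypair(g, p)                   # step 2
    zz = shared_secret(e_priv, recipient_cert["Rpub"], p)    # step 3b
    return e_pub, zz

def recipient_recompute(r_priv, recipient_cert, e_pub):
    """The recipient derives the same ZZ from Rpriv and E's public value."""
    return shared_secret(r_priv, e_pub, recipient_cert["p"])

if __name__ == "__main__":
    r_priv, cert = make_recipient_cert()
    e_pub, zz_e = entity_pop_setup(cert)
    print("ZZ matches on both sides:", recipient_recompute(r_priv, cert, e_pub) == zz_e)
```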







Prafullchandra & Schaad     Standards Track