I've encountered a small problem while implementing a modified version of the Station-to-Station protocol (STS). Say we have two principals A and B, where both of them know the other's public key:
- A->B: Ta (DH public value)
- B->A: Tb, SigB(Tb,Ta,A)
- A->B: SigA(Ta,Tb,B)
For the second protocol message, I want to encrypt (using my private key) some data using public key encryption (e.g. RSA); and as STS is a key agreement protocol used for establishing a secret key, symmetric encryption such as AES or 3DES cannot be used.
Furthermore, I thought of just hashing the data to some fixed size (using e.g. SHA-1) and then signing it; however that will not work either, since the other party must be able to extract the different parts of the signed message for some later verification check.
In case I was unclear: SigB(Tb,Ta,A), where SigB means signing using private key B, and I must be able to retrieve Ta, Tb and A.
Is there some other way besides chopping up the data into blocks and then signing each such block (ECB, which is vulnerable to cryptanalysis)?
Here's the code that generates the DHparamspec:
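    import java.security.AlgorithmParameterGenerator;
    import java.security.AlgorithmParameters;
    import java.security.NoSuchAlgorithmException;
    import java.security.spec.AlgorithmParameterSpec;
    import java.security.spec.InvalidParameterSpecException;
    import javax.crypto.spec.DHParameterSpec;

    // Generates fresh DH group parameters (p, g); returns null on failure.
    protected AlgorithmParameterSpec generateParameters() {
        DHParameterSpec spec = null;
        try {
            AlgorithmParameterGenerator apg = AlgorithmParameterGenerator
                    .getInstance("DH");
            // 1024-bit groups are below current recommendations (2048 bits or more).
            apg.init(1024);
            AlgorithmParameters algParam = apg.generateParameters();
            spec = (DHParameterSpec) algParam
                    .getParameterSpec(DHParameterSpec.class);
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (InvalidParameterSpecException e) {
            e.printStackTrace();
        }
        return spec; // null if parameter generation failed
    }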
And the code that generates the DH pair.
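    // kf, keyGen, keyPair, kAgreement and paramSpec are assumed to be declared elsewhere.
    kf = KeyFactory.getInstance("DH");
    // The key pair generator is requested from the Bouncy Castle ("BC") provider;
    // the KeyFactory and KeyAgreement come from the default provider.
    keyGen = KeyPairGenerator.getInstance("DH", "BC");
    keyGen.initialize(paramSpec);
    keyPair = keyGen.generateKeyPair();
    kAgreement = KeyAgreement.getInstance("DH");
    kAgreement.init(keyPair.getPrivate());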
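
The three-message exchange above, run with an ordinary signature with appendix (SHA256withRSA is an assumed choice): each side already holds Ta, Tb and the identities, so it rebuilds the signed bytes itself and only verifies. This is an added example, not part of the original post; the class `StsSketch`, its helpers and the length-prefixed encoding are assumptions, and both parties run in one process.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.KeyAgreement;
import javax.crypto.interfaces.DHPublicKey;

// Added example, not from the original post; StsSketch and its helpers are hypothetical names.
public class StsSketch {
    // Length-prefix each field so (Tb, Ta, id) has exactly one byte encoding.
    static byte[] encode(byte[]... fields) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf);
        for (byte[] f : fields) { out.writeInt(f.length); out.write(f); }
        return buf.toByteArray();
    }
    static byte[] sign(PrivateKey k, byte[] m) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(k); s.update(m); return s.sign();
    }
    static boolean verify(PublicKey k, byte[] m, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(k); s.update(m); return s.verify(sig);
    }
    static byte[] agree(PrivateKey mine, PublicKey theirs) throws GeneralSecurityException {
        KeyAgreement ka = KeyAgreement.getInstance("DH");
        ka.init(mine); ka.doPhase(theirs, true); return ka.generateSecret();
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
        rsa.initialize(2048);
        KeyPair sigA = rsa.generateKeyPair(), sigB = rsa.generateKeyPair(); // long-term signing keys
        byte[] idA = "A".getBytes(StandardCharsets.UTF_8), idB = "B".getBytes(StandardCharsets.UTF_8);
        KeyPairGenerator dh = KeyPairGenerator.getInstance("DH");
        dh.initialize(2048);
        KeyPair a = dh.generateKeyPair();
        dh.initialize(((DHPublicKey) a.getPublic()).getParams()); // B uses A's group (p, g)
        KeyPair b = dh.generateKeyPair();
        byte[] ta = a.getPublic().getEncoded(), tb = b.getPublic().getEncoded();
        // Message 2, B -> A: Tb travels in the clear next to SigB(Tb, Ta, A).
        byte[] sig2 = sign(sigB.getPrivate(), encode(tb, ta, idA));
        // A rebuilds the signed bytes from the Tb received, the Ta it sent and its own name.
        System.out.println("A accepts SigB: " + verify(sigB.getPublic(), encode(tb, ta, idA), sig2));
        System.out.println("substituted Ta accepted: " + verify(sigB.getPublic(), encode(tb, tb, idA), sig2));
        // Message 3, A -> B: SigA(Ta, Tb, B), checked by B in the same way.
        byte[] sig3 = sign(sigA.getPrivate(), encode(ta, tb, idB));
        System.out.println("B accepts SigA: " + verify(sigA.getPublic(), encode(ta, tb, idB), sig3));
        System.out.println("same secret: " + MessageDigest.isEqual(agree(a.getPrivate(), b.getPublic()), agree(b.getPrivate(), a.getPublic())));
    }
}
```

Over a real connection the receiver would turn the received Ta or Tb bytes back into a public key with `KeyFactory.getInstance("DH")` and an `X509EncodedKeySpec` before calling `agree`.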