By specifying a key size of 256 bits, Java selects the NIST P-256 curve parameters (secp256r1). For other key sizes, it selects other standard NIST curves, e.g. P-384 or P-521. If you want to use different parameters, you need to specify them explicitly with an ECGenParameterSpec argument.

Step by step through the example: first, we import a large number of different classes. We will discuss each of them when we come to it. We use an instance of the ECDH key agreement protocol. The first step is to initialize it with our private key. Then we pass the other party's public key to the doPhase() method. The second argument indicates that this is the last phase of the agreement (it is the only phase in ECDH). Diffie-Hellman computes a shared secret from our private key and the other party's public key, so that is all we need in this case.
The magic of DH is that each party computes the same value, although they have different sets of keys at their disposal. No one listening to the exchange can compute the shared secret unless they have access to one of the private keys (which are never disclosed). The keys involved in establishing a shared secret are created by one of the key generators (KeyPairGenerator or KeyGenerator), by a KeyFactory, or as the result of an intermediate phase of the key agreement protocol. The ECDH key agreement is simple once we have exchanged public keys.

Note: the second parameter (lastPhase) of doPhase must be set to true, otherwise an IllegalStateException (Only two party agreement supported, lastPhase must be true) is thrown (at least for ECDH).

The first step is to generate an ephemeral elliptic curve key pair for use in the algorithm. We do this with the aptly named KeyPairGenerator, using the algorithm name "EC" to select elliptic curve key generation.

The IllegalStateException (Phase already executed) seems to be mainly due to the ECDH implementation of the SunEC provider. The exception does not occur if an (additional) init call is made just before doPhase. However, this init call should not be necessary, because after generateSecret is called following doPhase, the KeyAgreement instance should be reset to its state after the init call, at least according to the generateSecret documentation.

We assume that the other party will also use a NIST P-256 curve public key.
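The steps described above (key pair generation on a named curve, init, a single doPhase with lastPhase set to true, generateSecret), run for both parties as an added example that is not code from the original page. The class name EcdhExample and the helper names newKeyPair, decodePeerKey and agree are assumptions chosen for illustration.

```java
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.KeyAgreement;

public class EcdhExample {
    // Ephemeral EC key pair on an explicitly named curve (instead of relying on the key size).
    static KeyPair newKeyPair(String curve) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec(curve));
        return kpg.generateKeyPair();
    }

    // Rebuild the peer's public key from the X.509 bytes received over the wire.
    static PublicKey decodePeerKey(byte[] encoded) throws Exception {
        return KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(encoded));
    }

    // One side of the agreement: init with our private key, single doPhase, then generateSecret.
    static byte[] agree(PrivateKey ours, PublicKey theirs) throws Exception {
        KeyAgreement ka = KeyAgreement.getInstance("ECDH");
        ka.init(ours);
        ka.doPhase(theirs, true); // lastPhase must be true: ECDH has exactly one phase
        return ka.generateSecret();
    }

    public static void main(String[] args) throws Exception {
        KeyPair alice = newKeyPair("secp256r1");
        KeyPair bob = newKeyPair("secp256r1");
        byte[] aliceWire = alice.getPublic().getEncoded();
        byte[] bobWire = bob.getPublic().getEncoded();
        byte[] aliceSecret = agree(alice.getPrivate(), decodePeerKey(bobWire));
        byte[] bobSecret = agree(bob.getPrivate(), decodePeerKey(aliceWire));
        System.out.println("secrets match: " + Arrays.equals(aliceSecret, bobSecret));
        // Passing lastPhase=false is rejected, as the note above describes.
        KeyAgreement ka = KeyAgreement.getInstance("ECDH");
        ka.init(alice.getPrivate());
        try {
            ka.doPhase(bob.getPublic(), false);
        } catch (IllegalStateException e) {
            System.out.println("lastPhase=false rejected: " + e.getMessage());
        }
    }
}
```

The bytes returned by generateSecret() are a raw shared value; run them through a key derivation function before using them as a symmetric key.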