Re: Beating a dead horse

Jan Luehe (Jan.Luehe@eng.sun.com)
Wed, 10 Mar 1999 09:32:21 -0800 (PST)

Date: Wed, 10 Mar 1999 09:32:21 -0800 (PST)
From: Jan Luehe <Jan.Luehe@eng.sun.com>
Subject: Re: Beating a dead horse
To: java-security@java.sun.com, Frank.Yellin@eng.sun.com

Frank:

> In the documentation for key exchange among two parties:
>
> B. Alice and Bob can share a secret key by performing
> a Diffie-Hellman key exchange, and then each . . . .
>
> desCipher = Cipher.getInstance("DES/ECB/....");
> desKey = keyAgreement.generateKey("DES");
> desCipher.init(ENCRYPT_MODE, desKey);
>
> [This is right out of the code example.]
>
> The documentation says absolutely nothing about Alice needing to give
> Bob her cipher.getParameters() information.

In the example, Alice and Bob use DES in ECB mode, which does not
require the exchange of any parameters. There is no IV involved
in ECB mode.
Had they used a mode other than ECB, then yes, Alice would have
needed to attach her parameter(s) to the first message she sent
to Bob. For example, she could have used a PEM or MIME message,
which defines a message format with a field
where she could specify the parameters used by her encryption.

> Yet according to (A) above, there is absolutely no reason to believe that
> Alice and Bob have the same desCipher, since each >>could<< be initialized
> with a random IV.

See above.

> There's clearly an implicit assumption that any cipher that allows key
> exchange must also not have any randomly generated values or
> implementation-specific values.
>
> If this implicit assumption is wrong, then the documentation needs to be
> clearer about the fact that Alice and Bob need to do a bit more sharing
> than most users would expect.
>
> [Remember, this all got started because I was surprised that
> cipher = Cipher.getInstance("DES/OFB8/....");
> cipher.init(DECRYPT_MODE, key);
> didn't do the obvious thing.]

I will add the above explanation to the sample code.

Thanks,

Jan
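
The parameter hand-off discussed in this thread, as an added example that is not part of the original message or of Sun's sample code. It assumes a current JDK with the SunJCE provider, a locally generated key standing in for the Diffie-Hellman result, and a constructed wire format (IV followed by ciphertext) in place of the PEM or MIME field mentioned above.

```java
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class IvExchangeExample {
    public static void main(String[] args) throws Exception {
        // Assumption: stands in for the key both sides obtain from the
        // key agreement. DES is used only because the thread uses it.
        SecretKey desKey = KeyGenerator.getInstance("DES").generateKey();

        // Alice supplies no IV, so the provider picks a random one.
        Cipher alice = Cipher.getInstance("DES/OFB8/NoPadding");
        alice.init(Cipher.ENCRYPT_MODE, desKey);
        byte[] iv = alice.getIV();
        byte[] ciphertext = alice.doFinal(
                "constructed sample message".getBytes(StandardCharsets.UTF_8));

        // Constructed wire format: IV || ciphertext. The IV is not secret,
        // but Bob cannot decrypt without it.
        byte[] message = new byte[iv.length + ciphertext.length];
        System.arraycopy(iv, 0, message, 0, iv.length);
        System.arraycopy(ciphertext, 0, message, iv.length, ciphertext.length);

        // Bob with the key alone: the call from the thread. SunJCE on a
        // current JDK rejects it because no IV can be inferred for decryption.
        Cipher bob = Cipher.getInstance("DES/OFB8/NoPadding");
        try {
            bob.init(Cipher.DECRYPT_MODE, desKey);
            System.out.println("provider accepted init without an IV");
        } catch (InvalidKeyException e) {
            System.out.println("init without IV rejected: " + e.getMessage());
        }

        // Bob with Alice's IV taken from the front of the message.
        int ivLen = bob.getBlockSize();
        bob.init(Cipher.DECRYPT_MODE, desKey,
                new IvParameterSpec(message, 0, ivLen));
        byte[] plaintext = bob.doFinal(message, ivLen, message.length - ivLen);
        System.out.println(new String(plaintext, StandardCharsets.UTF_8));
    }
}
```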