Re: Asymmetric encryption & JCE

David Brownell (db@Eng)
Mon, 25 Jan 1999 16:30:38 -0800

Date: Mon, 25 Jan 1999 16:30:38 -0800
From: David Brownell <db@Eng>
To: satyendra dhingra <satyen@digitalmarket.com>
Subject: Re: Asymmetric encryption & JCE

satyendra dhingra wrote:
>
> The problem I am running into i
>
> - the session keys are DES, and encryption of message data using
> session keys works fine, by using the DES cipher.
> - the private/public keys pairs are DSA, and there is no
> cipher avbl for encryption using these keys.

Normally one would

A: * agree on Diffie-Hellman [D-H] parameters (e.g. pick a
fixed set -- but preferably, negotiate!)

* Each member of a session generates a D-H key pair

* Signs the public D-H key from that pair using their DSA
private key, sending that key and the signature along
with cert to everyone else that wants to be in the session

B: * Use the Diffie-Hellman key exchange algorithm to
generate a shared secret, the "session key"

* This will have been authenticated!

C: * Use that session key to generate a key that'll be
driving the traffic encryption ... e.g. a 128 bit
Blowfish, or 162 bit Triple-DES, key.

That is, the encryption is symmetric (for speed) and uses the
key in the DSS/DSA certificate for authentication, but the key
is exchanged using a third algorithm that stresses D-H.

I suggest you look at the SSLv3 "DHE_DSS" key exchange protocol.
Also, Bruce Schneier's "Applied Crypto" 2nd edition.

- Dave
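The three steps Dave outlines (sign an ephemeral D-H public key with the long-term DSA key, verify the peer's signature and run the agreement, derive the traffic key from the shared secret) written out with the JCE, as an added example that is not part of the original mail. It simulates both session members in one JVM, uses SHA256withDSA and an AES-128 traffic key in place of the 1999-era DES/Blowfish choices, and signs only the encoded D-H public key; the real SSLv3 DHE_DSS exchange also binds the handshake nonces into that signature.

```java
import java.security.*;
import javax.crypto.*;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.*;
public class DheDssDemo {
    // One session member: long-term DSA key pair (its "cert") plus an ephemeral DH key pair.
    static class Party {
        final KeyPair dsa, dh;
        Party(DHParameterSpec params) throws GeneralSecurityException {
            KeyPairGenerator dg = KeyPairGenerator.getInstance("DSA");
            dg.initialize(2048);
            dsa = dg.generateKeyPair();
            KeyPairGenerator g = KeyPairGenerator.getInstance("DH");
            if (params == null) g.initialize(2048); else g.initialize(params); // agreed group
            dh = g.generateKeyPair();
        }
        DHParameterSpec params() { return ((DHPublicKey) dh.getPublic()).getParams(); }
        // A: sign the ephemeral DH public key with the long-term DSA private key.
        byte[] signDhPublic() throws GeneralSecurityException {
            Signature s = Signature.getInstance("SHA256withDSA");
            s.initSign(dsa.getPrivate());
            s.update(dh.getPublic().getEncoded());
            return s.sign();
        }
        // B: verify the peer's signature under its DSA public key, then run the D-H agreement.
        byte[] sharedSecret(PublicKey peerDsa, PublicKey peerDh, byte[] sig) throws GeneralSecurityException {
            Signature v = Signature.getInstance("SHA256withDSA");
            v.initVerify(peerDsa);
            v.update(peerDh.getEncoded());
            if (!v.verify(sig)) throw new SecurityException("peer DH key is not authenticated");
            KeyAgreement ka = KeyAgreement.getInstance("DH");
            ka.init(dh.getPrivate());
            ka.doPhase(peerDh, true);
            return ka.generateSecret();
        }
    }
    // C: derive the traffic key by hashing the raw shared secret; never use the secret directly.
    static SecretKey trafficKey(byte[] secret) throws GeneralSecurityException {
        byte[] h = MessageDigest.getInstance("SHA-256").digest(secret);
        return new SecretKeySpec(h, 0, 16, "AES"); // 128-bit AES key for the traffic cipher
    }
    public static void main(String[] args) throws GeneralSecurityException {
        Party alice = new Party(null);
        Party bob = new Party(alice.params()); // Bob uses the same D-H group as Alice
        byte[] sa = alice.signDhPublic(), sb = bob.signDhPublic();
        byte[] ka = alice.sharedSecret(bob.dsa.getPublic(), bob.dh.getPublic(), sb);
        byte[] kb = bob.sharedSecret(alice.dsa.getPublic(), alice.dh.getPublic(), sa);
        System.out.println("shared secrets match: " + MessageDigest.isEqual(ka, kb));
    }
}
```

Swapping in a third party's DH key without a valid signature makes `sharedSecret` throw, which is the authentication Dave refers to in step B.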