com.entrust.toolkit.security.crypto.ec

Class EcdhCofactorKeyAgreement

java.lang.Object

javax.crypto.KeyAgreementSpi

com.entrust.toolkit.security.crypto.ec.EcdhKeyAgreement

com.entrust.toolkit.security.crypto.ec.EcdhCofactorKeyAgreement

public final class EcdhCofactorKeyAgreement
extends EcdhKeyAgreement

A software based implementation of the Cofactor Elliptic Curve Diffie Hellman (ECDH) key agreement algorithm.

This implementation is based on the 'Modified Diffie-Hellman Primitive' defined in ANSI X9.63-2001 Section 5.4.2 (for further details, refer to ANSI X9.63). The modified ECDH primitive differs from the standard ECDH primitive by using the cofactor (an EC domain parameter) in the computation:

Standard ECDH: P = d1Q2
Cofactor ECDH: P = hd1Q2

where h is the cofactor, d1 is the private key of one party and Q2 is the public key of the other party. The modified ECDH primitive was designed to resist small subgroup attacks.

An instance of this algorithm can be obtained using the Java Cryptography Architecture (JCA), by requesting a 'cofactorECDH' key agreement algorithm from the Entrust cryptographic service provider. This can be done using the following call:

KeyAgreement.getInstance("cofactorECDH", "Entrust");

This class SHOULD NOT be used directly; it should only be used through the JCA/JCE.

Note: When used with an EC domain that has a cofactor of 1, the standard and modified ECDH primitives produce the same result (multiplication by a cofactor of 1 is the identity operation). When a cofactor other than 1 is used, the cofactor is included in the ECDH primitive. For a list of the named curves that are supported, refer to EcParameterFactory.

FIPS 140-2:

This class is part of the Toolkit's FIPS 140-2 cryptographic module and contains APIs that are considered part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; refer to the API documentation for further details

Since:

8.0

See Also:

EcdhKeyAgreement

Constructor Summary

Constructors

Constructor and Description
EcdhCofactorKeyAgreement() The constructor; creates a new instance of the cofactorECDH key agreement algorithm.

Method Summary

Methods inherited from class com.entrust.toolkit.security.crypto.ec.EcdhKeyAgreement

engineDoPhase, engineGenerateSecret, engineGenerateSecret, engineGenerateSecret, engineInit, engineInit

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

EcdhCofactorKeyAgreement

public EcdhCofactorKeyAgreement()

The constructor; creates a new instance of the cofactorECDH key agreement algorithm.

Applications should never use this constructor, instead the key agreement algorithm should be requested from the appropriate JCA/JCE cryptographic service provider as follows: KeyAgreement.getInstance("cofactorECDH", "Entrust").

FIPS 140-2:

FIPS Service: Modify Object

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)