
I have two systems which need to encrypt their communication by AES-128. The key


Question

I have two systems which need to encrypt their communication by AES-128. The key for the AES encryption should be exchanged with the Diffie-Hellman (DH) algorithm.

Now, I've read about DH and got a lot of question marks over my head. These are my questions:

Typically with AES-128, you need a password and a key which will be generated from the password. What exactly will be exchanged with DH, is it the password or the key? In other words, what is the secret that Alice and Bob will calculate?

If I use a 1024 bit prime and a 256 bit private secret for DH, the calculated secret will consist of a lot more than the required 128 bit for AES-128. How can I transform the secret to match the required 128 bit? Is there a standard to do it, because the two systems use different programming languages?

You see, there is a lot of confusion. Maybe you could help me and shed some light on it.

Explanation / Answer

I will try to simplify things:

Preliminary: When you encrypt data with a cipher, e.g. AES, you provide it with a password. The cipher algorithm takes (internally - you don't need to do anything programmatically) the password and generates a key out of it by applying some cryptographic algorithms to it. The purpose of this internal key-generation phase is to "obfuscate" your password by hashing and to have a proper length of a key to fit the cipher algorithm. That key is then used internally by the cipher to actually encrypt your data.

Now, Alice and Bob need to exchange some shared secret so both can encrypt/decrypt the data with the symmetric cipher, e.g. AES. If you use the DH algorithm to exchange a shared secret, this secret can then be used as a password for the AES cipher, or be a "seed" password for a stronger password generation algorithm like PBKDF2 (you use PBKDF2 here as a standalone program to generate a stronger password - don't get confused here by the "KDF" - "Key Derivation Function" part of the name, since you use it only to generate your strong password, not the "key" for the AES).

I don't want to express right now an opinion on the number of bits to use for the DH exchange - Mr. Pornin is the expert here so heed his advice - but to use the DH secret result as a password you can either use the PBKDF2 algorithm and ask it to generate the desired password length, or (a weaker approach compared to PBKDF2) just hash the DH secret with a good hash function, e.g. SHA256, and use the leftmost 32 or 64 hex characters as a password for the AES-128 or the AES-256 algorithm, respectively.

A common hashing function algorithm like SHA256 is available in many programming languages.
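
The two derivations described in the answer, as an added Python example that is not part of the original answer. The group (`P`, `G`), the salt, the iteration count and all function names are assumptions made for the demonstration; the fixed-width big-endian encoding of the shared secret is what lets two systems in different languages hash identical bytes.

```python
import hashlib
import secrets

# Constructed demo group: the Mersenne prime 2**521 - 1 with generator 3.
# Use a standardized group (e.g. RFC 3526 / RFC 7919) in a real deployment.
P = 2**521 - 1
G = 3
P_LEN = (P.bit_length() + 7) // 8  # fixed byte length for encoding the secret


def dh_keypair():
    """Return (private, public) with a 256-bit private exponent."""
    priv = secrets.randbits(256) | (1 << 255)
    return priv, pow(G, priv, P)


def dh_shared_bytes(own_priv, peer_pub):
    """Compute the shared secret and encode it as fixed-length big-endian bytes."""
    if not 2 <= peer_pub <= P - 2:
        raise ValueError("peer public value out of range")
    shared = pow(peer_pub, own_priv, P)
    # Fixed width matters: dropping leading zero bytes on one side only
    # would make the two systems hash different inputs.
    return shared.to_bytes(P_LEN, "big")


def aes128_key_sha256(shared):
    """Hash approach from the answer: leftmost 16 bytes (32 hex chars) of SHA-256."""
    return hashlib.sha256(shared).digest()[:16]


def aes128_key_pbkdf2(shared, salt, iterations=100_000):
    """PBKDF2 approach from the answer, asked for exactly 16 bytes."""
    return hashlib.pbkdf2_hmac("sha256", shared, salt, iterations, dklen=16)


def demo():
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    salt = b"constructed-demo-salt"  # assumption: agreed by both systems in advance
    alice = dh_shared_bytes(a_priv, b_pub)
    bob = dh_shared_bytes(b_priv, a_pub)
    return (aes128_key_sha256(alice), aes128_key_sha256(bob),
            aes128_key_pbkdf2(alice, salt), aes128_key_pbkdf2(bob, salt))


if __name__ == "__main__":
    for key in demo():
        print(key.hex())
```

Both sides must use the same salt and iteration count for the PBKDF2 variant, and the same byte order and width for the shared secret in either variant.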