https://www.ibm.com/docs/en/linux-on-systems?topic=keys-ec-diffie-hellman-csndedh
EC Diffie-Hellman (CSNDEDH)
Use the EC Diffie-Hellman verb to create symmetric key material from various input sources.
With the EC Diffie-Hellman verb, you can create:
- symmetric key material from a pair of elliptic curve cryptography (ECC) keys using Elliptic Curve Diffie-Hellman (ECDH) protocol and the static unified model key agreement scheme.
- "Z", the "secret" material output from the Elliptic Curve Diffie-Hellman process.
- symmetric key material from a hybrid quantum safe key exchange scheme involving a CRYSTALS-Kyber encrypted value or an AES encrypted value and a pair of ECC keys using the Elliptic Curve Diffie-Hellman protocol.
For more information, see EC Diffie-Hellman key agreement models or Creating a hybrid quantum safe key exchange scheme.
ECDH is a key-agreement protocol that allows two parties, each having an elliptic curve public-private key pair, to establish a shared secret over an insecure channel. This shared secret is used to derive another symmetric key. The ECDH protocol is a variant of the Diffie-Hellman protocol using elliptic curve cryptography. ECDH derives a shared secret value from a secret key owned by an Entity A and a public key owned by an Entity B, when the keys share the same elliptic curve domain parameters. Entity A can be either the initiator of a key-agreement transaction, or the responder in a scheme. If two entities both correctly perform the same operations with corresponding keys as inputs, the same shared secret value is produced.
- Brainpool (key size 160, 192, 224, 256, 320, 384, or 512)
- Prime (key size 192, 224, 256, 384, or 521)
- Edwards (key size 255, 448)
- Koblitz (key size 256)
In addition to having the same elliptic curve domain parameters, the keys must have their key-usage field set to permit key establishment (either KEY-MGMT or KM-ONLY). See ECC key token.
- One to six rule-array keywords:
- A required key-agreement keyword
- An optional transport key-type (required if output_KEK_key_identifier is a lab…