DH keys exchanged - encoding?

Markus Friedl markus at openbsd.org
Fri Jul 5 00:04:42 EST 2002


On Thu, Jul 04, 2002 at 02:55:04PM +0100, Manik Surtani wrote:
> Hi,
> 
> Could anyone pls help by telling me how the DH pubkey from the server 
> (f) is encoded when it is sent back to me?  I understand that it comes 
> across as an mpint, but after I decode the mpint into the bytes that 
> make up the number, what does this number represent?  Is it a X509 
> encoded key?  Or is it something else?


how is this related to x.509? it's just a 

	multiple precision integers in two's complement format

check draft-ietf-secsh-architecture-XX again:

   mpint

      Represents multiple precision integers in two's complement format,
      stored as a string, 8 bits per byte, MSB first.  Negative numbers
      have the value 1 as the most significant bit of the first byte of
      the data partition.  If the most significant bit would be set for
      a positive number, the number MUST be preceded by a zero byte.
      Unnecessary leading bytes with the value 0 or 255 MUST NOT be
      included.  The value zero MUST be stored as a string with zero
      bytes of data.

      By convention, a number that is used in modular computations in
      Z_n SHOULD be represented in the range 0 <= x < n.

       Examples:
       value (hex)        representation (hex)
       ---------------------------------------------------------------
       0                  00 00 00 00
       9a378f9b2e332a7    00 00 00 08 09 a3 78 f9 b2 e3 32 a7
       80                 00 00 00 02 00 80
       -1234              00 00 00 02 ed cc
       -deadbeef          00 00 00 05 ff 21 52 41 11
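
A strict mpint decoder and encoder for the format quoted above, checked against the draft's own example table. This is an added example, not part of the original post and not OpenSSH code; the function names and the `DRAFT_EXAMPLES` table layout are illustrative.

```python
import struct

def decode_mpint(buf, offset=0):
    """Parse one mpint at buf[offset:]; return (value, next_offset)."""
    if len(buf) - offset < 4:
        raise ValueError("truncated length prefix")
    (n,) = struct.unpack_from(">I", buf, offset)
    start, end = offset + 4, offset + 4 + n
    if end > len(buf):
        raise ValueError("length prefix exceeds available data")
    data = buf[start:end]
    # Enforce "unnecessary leading bytes MUST NOT be included":
    # a leading 00 is valid only before a byte with the top bit set,
    # a leading ff only before a byte with the top bit clear.
    if n >= 1 and data[0] == 0x00 and (n == 1 or data[1] < 0x80):
        raise ValueError("unnecessary leading 00 byte")
    if n >= 2 and data[0] == 0xFF and data[1] >= 0x80:
        raise ValueError("unnecessary leading ff byte")
    # Empty data decodes to 0, as the draft requires.
    return int.from_bytes(data, "big", signed=True), end

def encode_mpint(value):
    """Encode a Python int as a minimal two's complement mpint."""
    if value == 0:
        return b"\x00\x00\x00\x00"
    n = (value.bit_length() + 8) // 8      # room for the sign bit
    data = value.to_bytes(n, "big", signed=True)
    if n > 1 and data[0] == 0xFF and data[1] >= 0x80:
        data = data[1:]                    # e.g. -128 is 80, not ff 80
    return struct.pack(">I", len(data)) + data

def in_modular_range(x, n):
    """The draft's convention for numbers used in Z_n: 0 <= x < n."""
    return 0 <= x < n

# (value, wire bytes) pairs copied from the draft's example table.
DRAFT_EXAMPLES = [
    (0x0, "00000000"),
    (0x9A378F9B2E332A7, "0000000809a378f9b2e332a7"),
    (0x80, "000000020080"),
    (-0x1234, "00000002edcc"),
    (-0xDEADBEEF, "00000005ff21524111"),
]

def check_draft_examples():
    """Round-trip every draft example through both functions."""
    for value, wire_hex in DRAFT_EXAMPLES:
        wire = bytes.fromhex(wire_hex)
        if decode_mpint(wire) != (value, len(wire)) or encode_mpint(value) != wire:
            return False
    return True
```

The decoded value is the plain integer itself, so the server's f needs no further unwrapping once the mpint is parsed.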


