• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Key Agreement Overview and Algorithm Specifications
2
3<!--Kit: Crypto Architecture Kit-->
4<!--Subsystem: Security-->
5<!--Owner: @zxz--3-->
6<!--Designer: @lanming-->
7<!--Tester: @PAFT-->
8<!--Adviser: @zengyawen-->
9
10Key agreement allows two or more parties to jointly establish a shared key in a non-secure environment.
11
12This topic describes the key agreement algorithms and specifications supported by the system.
13
14## ECDH
15
16The Crypto framework provides a variety of Elliptic Curve Diffie–Hellman key exchange (ECDH) capabilities.
17
18When creating a key agreement instance, you need to specify the algorithm specifications in a string parameter, as listed in the table below.
19
20| Asymmetric Key Algorithm| String Parameter| API Version|
21| -------- | -------- | -------- |
22| ECC | ECC224 | 9+ |
23| ECC | ECC256 | 9+ |
24| ECC | ECC384 | 9+ |
25| ECC | ECC521 | 9+ |
26| ECC | ECC_BrainPoolP160r1 | 11+ |
27| ECC | ECC_BrainPoolP160t1 | 11+ |
28| ECC | ECC_BrainPoolP192r1 | 11+ |
29| ECC | ECC_BrainPoolP192t1 | 11+ |
30| ECC | ECC_BrainPoolP224r1 | 11+ |
31| ECC | ECC_BrainPoolP224t1 | 11+ |
32| ECC | ECC_BrainPoolP256r1 | 11+ |
33| ECC | ECC_BrainPoolP256t1 | 11+ |
34| ECC | ECC_BrainPoolP320r1 | 11+ |
35| ECC | ECC_BrainPoolP320t1 | 11+ |
36| ECC | ECC_BrainPoolP384r1 | 11+ |
37| ECC | ECC_BrainPoolP384t1 | 11+ |
38| ECC | ECC_BrainPoolP512r1 | 11+ |
39| ECC | ECC_BrainPoolP512t1 | 11+ |
40| ECC | ECC_Secp256k1 | 14+ |
41| ECC | ECC | 10+ |
42
43As indicated by the last row in the preceding table, you can specify the ECDH key type without the key length and curve name to ensure compatibility with the key generated based on the key parameter. In this case, the key agreement operation varies depending on the actual key length.
44
45## X25519
46
47The crypto framework provides X25519 key agreement capabilities.
48
49When creating a key agreement instance, you need to specify the algorithm specifications in a string parameter, as listed in the table below.
50
51| Asymmetric Key Algorithm| String Parameter| API Version|
52| -------- | -------- | -------- |
53| X25519 | X25519 | 11+ |
54
55## DH
56
57The Crypto framework provides Diffie–Hellman key exchange (DH) key agreement capabilities.
58
59When creating a key agreement instance, you need to specify the algorithm specifications in a string parameter, as listed in the table below.
60
61| Asymmetric Key Algorithm| String Parameter| API Version|
62| -------- | -------- | -------- |
63| DH | DH_modp1536 | 11+ |
64| DH | DH_modp2048 | 11+ |
65| DH | DH_modp3072 | 11+ |
66| DH | DH_modp4096 | 11+ |
67| DH | DH_modp6144 | 11+ |
68| DH | DH_modp8192 | 11+ |
69| DH | DH_ffdhe2048 | 11+ |
70| DH | DH_ffdhe3072 | 11+ |
71| DH | DH_ffdhe4096 | 11+ |
72| DH | DH_ffdhe6144 | 11+ |
73| DH | DH_ffdhe8192 | 11+ |
74| DH | DH | 11+ |
75
76As indicated by the last row in the preceding table, you can specify the DH key type without the named DH group to ensure compatibility with the key generated based on the key parameter. In this case, the key agreement result is determined by the key passed in. In addition, unnamed DH groups are supported.
77