XEC curves for ECDH key agreement
XEC curves are supported for elliptic curve Diffie-Hellman (ECDH) key agreement.
Available curves
The following curves are supported.
Note: These curves are not yet NIST-approved and therefore are
not part the IBMJCEPlusFIPS provider.
- Elliptic curves as specified in RFC 7748
-
- X25519
- X448
Key pair generation and key agreement
The IBMJCEPlus provider supports these curves through the KeyPairGeneration and KeyAgreement APIs.
Key pair generation is achieved as usual, except that you must specify the algorithm
parameter (the NamedParamaterSpec object) after the
getInstance call, not before it. Here is an example of how to create a key pair
for the X448
curve:
NamedParameterSpec nps = new NamedParameterSpec("X448");
KeyPairGenerator kpg = KeyPairGenerator.getInstance("XDH", "IBMJCEPlus");
kpg.initialize(nps);
KeyPair keyPair = kpg.generateKeyPair();
(XDH
is a high-level alias for services, such as KeyGeneration,
KeyFactory, and KeyAgreement, that are related to these
curves, as defined in JEP 324: Key Agreement with Curve25519 and Curve448.)Key agreement is also achieved as usual; the only difference is the algorithm that you specify in
the getInstance call. Here is an example of a getInstance call
for using these
curves:
KeyAgreement keyAgree = KeyAgreement.getInstance(XDH, providerName);