A few other ways to configure DH parameters

I initialized the key pair generator by specifying the modulus p and the generator g in my last post. There are a few other ways.

The Javadoc for the KeyPairGenerator class says in its preface: "There are two ways to generate a key pair: in an algorithm-independent manner, and in an algorithm-specific manner. The only difference between the two is the initialization of the object." It explains how SunJCE works in the algorithm-independent case as follows.

"If the algorithm is the DSA algorithm, and the keysize (modulus size) is 512, 768, or 1024, then the Sun provider uses a set of precomputed values for the p, q, and g parameters. If the modulus size is not one of the above values, the Sun provider creates a new set of parameters."

This also applies to the Diffie-Hellman algorithm.

Diffie-Hellman 2048-bit MODP now supported by JDK 8

The Diffie-Hellman key pair generator provided by Sun’s JCE provider had been rejecting prime moduli larger than 1024 bits. In JDK 7 and earlier, the size must be a multiple of 64 in the range from 512 to 1024 inclusive.

LDAP over SSL/TLS and StartTLS

There are two approaches to making secure connections to LDAP servers. One is LDAP over SSL/TLS (LDAPS) and the other is StartTLS. I have quickly tried them using the Apache Directory LDAP API (version 1.0.0-M20) and the UnboundID LDAP SDK for Java (version 2.3.5). The LDAP server in my environment is OpenLDAP (version 2.4.38) with SSL/TLS enabled by OpenSSL (version 1.0.1e).

Which is your best, Apache or UnboundID?

What is your favorite library to use when you want to write something that works with LDAP servers in the Java language? "LDAP Java library – Stack Overflow" lists four choices: JNDI (Java Naming and Directory Interface), Spring LDAP, Apache Directory LDAP API, and UnboundID LDAP SDK. I have become interested in Apache and UnboundID.

Installation of OpenLDAP on Debian Wheezy

This article briefly describes how I set up an OpenLDAP server on my Debian GNU/Linux machine. I hope it will be of some help to anybody interested in this topic.

