org.bouncycastle.crypto.agreement.jpake
Class JPAKEPrimeOrderGroup
java.lang.Object
org.bouncycastle.crypto.agreement.jpake.JPAKEPrimeOrderGroup
public class JPAKEPrimeOrderGroup
- extends java.lang.Object
A pre-computed prime order group for use during a J-PAKE exchange.
Typically a Schnorr group is used. In general, J-PAKE can use any prime order group
that is suitable for public key cryptography, including elliptic curve cryptography.
See JPAKEPrimeOrderGroups
for convenient standard groups.
NIST publishes
many groups that can be used for the desired level of security.
Method Summary |
java.math.BigInteger |
getG()
|
java.math.BigInteger |
getP()
|
java.math.BigInteger |
getQ()
|
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
JPAKEPrimeOrderGroup
public JPAKEPrimeOrderGroup(java.math.BigInteger p,
java.math.BigInteger q,
java.math.BigInteger g)
- Constructs a new
JPAKEPrimeOrderGroup
.
In general, you should use one of the pre-approved groups from
JPAKEPrimeOrderGroups
, rather than manually constructing one.
The following basic checks are performed:
- p-1 must be evenly divisible by q
- g must be in [2, p-1]
- g^q mod p must equal 1
- p must be prime (within reasonably certainty)
- q must be prime (within reasonably certainty)
The prime checks are performed using BigInteger.isProbablePrime(int)
,
and are therefore subject to the same probability guarantees.
These checks prevent trivial mistakes.
However, due to the small uncertainties if p and q are not prime,
advanced attacks are not prevented.
Use it at your own risk.
- Throws:
java.lang.NullPointerException
- if any argument is null
java.lang.IllegalArgumentException
- if any of the above validations fail
getP
public java.math.BigInteger getP()
getQ
public java.math.BigInteger getQ()
getG
public java.math.BigInteger getG()