Hello again,

in chapter 4 (page 106-107) in DH Algorithm discussion, it is not mentioned whether the P and G parameters (P large prime number, G generators for numbers) should be kept secret or not.

In the example that follows the discussion, everything is in the single file (both parties) so it is not clear how they got to agree on P and G.

So is it safe to make P and G public ?

And does it make sense to change P and G over time, or is it safe to use the same parameters ? ( it is mentioned in javadocs for DHParameterSpec about a central authority generating parameters for parties seeking to exchange keys, and that there might be more than one instance of the parameters)

Sincerely
Ray

Yes P and G can be public, as you've realised they have to be shared to make it possible for both parties to generate appropriate keys. It's regarded as safe to keep these constant over time.

Regards,

David

PS. as an aside, the Java APIs actually indicate this, as the parameters are part of the details available off a public key.