The CryptoKey class / xml.CryptoKey methods |
Computes the shared secret based on the given modulus, generator, the private key and the other peer's public key. The returned key can be any of symmetric/HMAC or symmetric/encryption key type. It can be used for symmetric signature or symmetric encryption.
computeKey( otherPubKey xml.CryptoKey, url STRING ) RETURNING sharedSecret xml.CryptoKey
Returns an xml.CryptoKey sharedSecret: An xml.CryptoKey object of the specified type.
In the 3DES case, no key weakness test is done. If the compound shared secret is week, the other peer inovled in the communication may raise an error. It depends on the language used on the other side.
In order to be able to compute an AES256 shared secret of the Java™ side, you need to add or relace the files local_policy.jar and US_export_policy.jar located in $JDK_HOME/jre/lib/security by the Java Cryptographic Extension correspoinding to your JDK version. You can find this extension at http://www.oracle.com/technetwork/java/javase/downloads/index.html.
If the shared secret key length is less than the Diffie-Hellman key length, only the first needed bytes will be taken. For example, if the Diffie-Hellman is 512 bits length and the shared secret is a 3DES key, then only the first 192 bits will be used by the computation. In a 3DES shared secret case, xml.CryptoKey.computeKey() is calculated, where in AES shared secret case, the Diffie-Hellman key is truncated.
If the shared secret key length is bigger than the Diffie-Hellman key length, an error is raised.
In case of error, the method throws an exception and sets the STATUS variable. Depending on the error, a human-readable description of the problem is available in the SQLCA.SQLERRM register. See Error handling in GWS calls (STATUS).