The SDMP uses the Diffie-Hellman key exchange as the way to establish session keys for forward secrecy of network traffic.
Diffie-Hellman Key Exchange
Recall that the generalized Diffie-Hellman key exchange looks like:
- Alice and Bob agree to use the values
pandg - Alice chooses secret
aand sends BobA, whereA=(g^a)%p - Bob chooses secret
band sends AliceB, whereB=(g^b)%p - Alice computes
s, wheres=(B^a)%p - Bob computes
s, wheres=(A^b)%p - Alice and Bob share the secret
s, which is the session key
Description
This object contains the values necessary to establish a Diffie-Hellman key exchange.
The object contains the following properties:
sdmp (object, required)
This root property is part of the container object.
sdmp.schemas (array of strings, required)
Must be a single array entry with the string value: connection
Note that this means that placing any additional information or metadata in the
container object beyond what is specified for the container
and connection schema is considered an error.
connection (object, required)
Holds the parameters used in the Diffie-Hellman key exchange.
connection.g (integer, required)
The value g from the Diffie-Hellman key exchange.
connection.p (string, required)
The value p from the Diffie-Hellman key exchange, whose octets are
unpadded base64url encoded.
connection.N (string, required)
The value N from the Diffie-Hellman key exchange (where N=(g^n)%p) whose
octets are unpadded base64url encoded.
Schema
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"sdmp": {
"type": "object",
"properties": {
"schemas": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1,
"maxItems": 1
}
}
}
"connection": {
"type": "object",
"properties": {
"g": {
"type": "string"
},
"p": {
"type": "string"
},
"N": {
"type": "object"
}
},
"required": [ "g", "p", "N" ]
}
},
"required": [ "sdmp", "connection" ]
}