
Zilog EZ80F91AZA User Manual


UM020107-1211

SSL Configuration

ZTP Network Security SSL Plug-In

User Manual


MIGKAkEA3uxiDPwIuoU6r22inWehs84FBTvrD8bQufdCltw6RAoV+DM5PHkyMLoH\

KEThy65yDANqA0s4tukYX+jEg98IFQJBAKK+9mbWv9G6WqQExbjrjxKUJG863bYR\

QlwmO9kd6hs6rQDa1g1E5UQ9SOrUcs6cLGzuSQYE+0K8G7UEknvAKTYCAgCg"};

ASN1_ENC_DATA DheParams =
{
    PEM_ENCODED_DATA,
    sizeof(DH_Params_Pem)-1,
    DH_Params_Pem
};

The p and g values must be encoded as a sequence of two ASN.1 DER integers. The first integer is the value of the prime modulus, p, and the second integer is the value of the generator, g. The SSL library assumes that p and g have been chosen appropriately. The ASN.1 DER data can optionally be Base64-encoded (as shown in the example above).

The variable used to specify the DH parameters must be a block of type ASN1_ENC_DATA.

The encoding member of the data structure indicates whether the DH parameters are DER_ENCODED_DATA (i.e., DER-encoded ASN.1 data) or BASE64_DER_ENCODED_DATA (i.e., Base64 DER-encoded ASN.1 data). Base64 DER-encoded ASN.1 data is also known as PEM encoding and, therefore, the encoding member of the ASN1_ENC_DATA variable can be specified as PEM_ENCODED_DATA.

The length and pData members of the ASN1_ENC_DATA structure indicate the number of bytes in the encoded data and the address of the first byte of the encoded data.
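A host-side check of the encoding described above, added here as an illustration (it is not Zilog's or OpenSSL's code): it parses raw DER laid out as a SEQUENCE of INTEGER p followed by INTEGER g and reports their bit lengths, so malformed or wrongly sized parameters are caught before the data is embedded in firmware. The function names and the toy input are constructed for this example, and Base64 data is assumed to have been decoded first.

```c
#include <stdio.h>

/* Read a DER length (short form, or long form of 1-2 bytes); 0 on success. */
static int der_len(const unsigned char *b, size_t n, size_t *pos, size_t *out)
{
    if (*pos >= n) return -1;
    size_t k = b[(*pos)++];
    if (k < 0x80) { *out = k; return 0; }
    if ((k &= 0x7F) == 0 || k > 2 || n - *pos < k) return -1;
    for (*out = 0; k > 0; k--) *out = (*out << 8) | b[(*pos)++];
    return 0;
}

/* Read one positive INTEGER; return its bit length, or 0 if malformed. */
static size_t der_int_bits(const unsigned char *b, size_t n, size_t *pos)
{
    size_t len, bits;
    if (*pos >= n || b[(*pos)++] != 0x02) return 0;
    if (der_len(b, n, pos, &len) || len == 0 || n - *pos < len) return 0;
    const unsigned char *v = b + *pos;
    *pos += len;
    if (v[0] & 0x80) return 0;                 /* negative value */
    while (len > 1 && *v == 0) { v++; len--; } /* skip sign padding */
    if (*v == 0) return 0;                     /* zero is never valid */
    bits = len * 8;
    for (unsigned char m = 0x80; !(*v & m); m >>= 1) bits--;
    return bits;
}

/* Raw DER (Base64 already decoded) SEQUENCE { INTEGER p, INTEGER g }: returns 0
   and the bit lengths, or -1 if malformed. Elements after g are not examined. */
int dh_params_check(const unsigned char *der, size_t n, size_t *p_bits, size_t *g_bits)
{
    size_t pos = 0, seq_len;
    if (n < 2 || der[pos++] != 0x30) return -1;
    if (der_len(der, n, &pos, &seq_len) || seq_len != n - pos) return -1;
    *p_bits = der_int_bits(der, n, &pos);
    *g_bits = der_int_bits(der, n, &pos);
    return (*p_bits && *g_bits) ? 0 : -1;
}

int main(void)
{
    /* Constructed toy input: p = 23, g = 5 (illustrative only). */
    const unsigned char toy[] = {0x30, 0x06, 0x02, 0x01, 0x17, 0x02, 0x01, 0x05};
    size_t pb, gb;
    if (dh_params_check(toy, sizeof toy, &pb, &gb) == 0)
        printf("p: %zu bits, g: %zu bits\n", pb, gb);
    return 0;
}
```

Compare the reported length of p with the 512-bit maximum this manual gives for the DH modulus. Groups of that size are export-grade strength and were shown breakable in practice by the 2015 Logjam research.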

How to Generate Ephemeral Diffie-Hellman Parameters

The ZTP Network Security SSL Plug-In does not include any utilities to generate Diffie-Hellman parameters. Third-party utilities must be used to generate Ephemeral Diffie-Hellman parameters, if required; Zilog does not recommend or endorse any such utilities. This section describes how to generate Diffie-Hellman parameters using the dhparam command in OpenSSL.

To generate a Diffie-Hellman parameter, enter the following command at the OpenSSL command prompt:

OpenSSL> dhparam -text -out dh_param.txt 512

This command will produce an output file named dh_param.txt that contains the prime modulus and generator in text format, as well as a Base64-encoded ASN.1 DER data block containing the DH parameters. The maximum length of the DH modulus is 512 bits. An example of the contents of the text file is shown in the following code fragment:

Diffie-Hellman-Parameters: (512 bit)

Note:
