dh question

Brad Fitzpatrick brad at danga.com
Tue Jun 7 15:53:27 PDT 2005

Repling to myself, this is what I've got so far on the server side for
the "get_authkey" mode:

sub _mode_get_authkey {
    my Net::OpenID::Server $self = shift;

    my ($secret_handle, $secret, $good_for) =

    my $now = time();
    my %prop;

    $prop{'auth_type'}     = "hmac-sha1";
    $prop{'secret_handle'} = $secret_handle;
    $prop{'secret_expiry'} = _time_to_w3c($now);
    $prop{'server_time'}   = _time_to_w3c($now + $good_for);

    if ($self->args("openid.enc") eq "dh") {
        my $dh = Crypt::DH->new;
        my $dh_sec = $dh->compute_secret($self->args("openid.dh.gx"));

        $prop{'openid.dh.gy'} = $dh->pub_key;
        $prop{'enc'}          = "dh";
        $prop{'enc_secret'}   = sha1($secret) ^ sha1($dh_sec);

    } else {
        $prop{'secret'} = $secret;

    return $self->_serialized_props(\%prop);

But obviously all those dh.* parameters aren't un-base64'ed and
base64'd where appropriate, and the Math::BigInt objects going to/from
Crypt::DH aren't properly serialized/deserialized as well.

I can finish this up once I get a confirmation that it's
base64(base256-MSB(big number)).  Which should also go into the spec,
because it wasn't obvious to me at least.  Maybe it's a crypto
convention, but assume most implementors won't be crypto people.


On Tue, 7 Jun 2005, Brad Fitzpatrick wrote:

> I'm adding DH/HMAC support to the Perl modules, and I have a question:
> # openid.enc_secret = H(gx ^ y mod p) XOR secret(handle)
> When I run H() on gx^y mod p, what are the actual bytes I'm running H()
> on?
>    -- base-256, MSB?
>        -- adding extra 0 bits to beginning to pad to byte boundary
>    -- decimal string?
>    -- hex string?
>    -- base64 string?  (of what bytes, again)
> I assume base-256, MSB, but let me know.
> - Brad

More information about the yadis mailing list