You should use some Key Derivation Function (KDF) to derive a key from this shared secret. For example TLS-1.3 uses HKDF for that.

The best way would be to use TLS-1.3 (or some other standardized secure protocol) directly instead of inventing and implementing your own protocol though.

Tomas Mraz, OpenSSL

On Mon, 2024-07-08 at 12:47 +0000, Vishal Kevat via openssl-users wrote:
> Hi OpenSSL,
>
> I am using group 19 which is ECDH elliptic curve group
> (NID_X9_62_prime256v1) and is giving 32 bytes/256 bit of shared secret
> key.
>
> I want to use it to work with AES-128 CBC encryption algorithm. As
> the key length generated by ECDH is 32 bytes, is there any way to
> generate the key length of 16 bytes/128 bit with group 19 ECDH
> algorithm?
>
> In one of the articles, it is mentioned that encryption or
> authentication algorithms with a 128-bit key to be used for
> Diffie-Hellman groups 5, 14, 19, 20 or 24.
> Link:
> https://community.cisco.com/t5/security-knowledge-base/diffie-hellman-groups/ta-p/3147010
> Please let me know if group 19 can generate 128 bit key length by any
> means.
>
> Regards,
> Vishal Kevat

--
Tomáš Mráz, OpenSSL