If the source address was forged, the opponent gets no answer.

validating diffie hellman public private keys-57

Are the keys then combined using another algo on the client side that is decoded on the server side and if matched the resource requested is then shown? Any links or suggestions would be well apprecciated There are a few algorithms that make use of private/public keypairs.

The three common uses for them are: encryption/decryption, signing/verifying, and key agreement.

The last two groups use the elliptic curve analog to Diffie-Hellman, which was described in Chapter 10. Each nonce is a locally generated pseudorandom number.

Nonces appear in responses and are encrypted during certain portions of the exchange to secure their use.

I am creating a RESTful API web service and I need a way of implementing public and private key pairs.

I will use some of PHP's built in functions to create my own algo to generate both of the values for the keys.

Repeated messages of this type can requires that each side send a pseudorandom number, the cookie, in the initial message, which the other side acknowledges.

This acknowledgment must be repeated in the first message of the Diffie-Hellman key exchange.

Three different The Oakley specification includes a number of examples of exchanges that are allowable under the protocol.