In the association stage of the OpenID process, Diffie-Hellman is used to encrypt the OpenID.session_type value. For using Diffie-Hellman, we have to generate the dh_modulus (p) and dh_gen (g) values. My question is: do I have to generate p and g values each time I send an OpenID request to an OpenID Provider, or only during those times when I send a new association?

A: 

You don't need to generate it at all, because you can use the default modulus and dh_gen.

And if you still want to, it's sent only during an association, because it's used only to transmit a shared secret. In all subsequent requests, only the association handle is transmitted.

As for the generation method, I suggest looking at the Diffie-Hellman Key Exchange RFC.

Mewp
Thanks for the answer, Mewp.
Felix
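
The association exchange described in the answer, as an added example that is not part of the original thread: the relying party sends Diffie-Hellman fields only in the `associate` request (omitting `dh_modulus` and `dh_gen` when the defaults apply), the provider returns the MAC key masked with the hashed shared secret, and later authentication requests carry only the association handle. Field names follow OpenID Authentication 2.0; the function names, the handle value and the toy prime standing in for the specification's default modulus are assumptions made for the demonstration.

```python
import base64, hashlib, secrets

# Constructed toy prime (2**127 - 1), NOT secure: a stand-in for the 1024-bit
# default modulus in OpenID Authentication 2.0, Appendix B. Default g is 2.
DEFAULT_P, DEFAULT_G = 2**127 - 1, 2

def btwoc(n):
    # Big-endian two's complement of a non-negative integer (leading 0x00 if needed).
    return n.to_bytes(n.bit_length() // 8 + 1, "big")

def b64(n):
    return base64.b64encode(btwoc(n)).decode()
def unb64(s):
    return int.from_bytes(base64.b64decode(s), "big")

def masked(shared, data):
    # H(btwoc(shared secret)) XOR data: hides the MAC key and reveals it again.
    return bytes(a ^ b for a, b in zip(hashlib.sha256(btwoc(shared)).digest(), data))

def rp_associate_request(xa, p=DEFAULT_P, g=DEFAULT_G):
    req = {"openid.mode": "associate", "openid.assoc_type": "HMAC-SHA256",
           "openid.session_type": "DH-SHA256",
           "openid.dh_consumer_public": b64(pow(g, xa, p))}
    if (p, g) != (DEFAULT_P, DEFAULT_G):  # omitted fields mean "use the defaults"
        req["openid.dh_modulus"], req["openid.dh_gen"] = b64(p), b64(g)
    return req

def op_associate_response(req, mac_key):
    p = unb64(req["openid.dh_modulus"]) if "openid.dh_modulus" in req else DEFAULT_P
    g = unb64(req["openid.dh_gen"]) if "openid.dh_gen" in req else DEFAULT_G
    xb = secrets.randbelow(p - 3) + 2  # OP's private exponent
    shared = pow(unb64(req["openid.dh_consumer_public"]), xb, p)
    return {"assoc_handle": "demo-handle-1",  # hypothetical handle value
            "dh_server_public": b64(pow(g, xb, p)),
            "enc_mac_key": base64.b64encode(masked(shared, mac_key)).decode()}

def rp_recover_mac_key(resp, xa, p=DEFAULT_P):
    shared = pow(unb64(resp["dh_server_public"]), xa, p)
    return masked(shared, base64.b64decode(resp["enc_mac_key"]))

def rp_auth_request(assoc_handle):
    # Later authentication requests carry only the handle, no DH fields.
    return {"openid.mode": "checkid_setup", "openid.assoc_handle": assoc_handle}

if __name__ == "__main__":
    xa, key = secrets.randbelow(DEFAULT_P - 3) + 2, secrets.token_bytes(32)
    req = rp_associate_request(xa)
    resp = op_associate_response(req, key)
    print(sorted(req), rp_recover_mac_key(resp, xa) == key, rp_auth_request(resp["assoc_handle"]))
```

Whoever holds the private exponent `xa` is the only party that can unmask `enc_mac_key`, so it should be generated fresh for each association and discarded once the MAC key is stored.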