Name
KeyAgreement
Synopsis
This class provides an
API to a key-agreement protocol that allows two or more parties to
agree on a secret key without exchanging any secrets and in such a
way that an eavesdropper listening in on the communication between
those parties cannot determine the secret key. The
KeyAgreement class is algorithm-independent and
provider-based, so you must obtain a KeyAgreement
object by calling one of the static getInstance( )
factory methods and specifying the name of the desired key agreement
algorithm and, optionally, the name of the desired provider of that
algorithm. The “SunJCE” provider
implements a single key-agreement algorithm named
“DiffieHellman”.

To use a KeyAgreement object, each party first calls
the init( ) method and supplies a
Key object of its own. Then, each party obtains a
Key object from one of the other parties to the
agreement and calls doPhase( ). Each party obtains
an intermediate Key object as the return value of
doPhase( ), and these keys are again exchanged and
passed to doPhase( ). This process typically
repeats n-1 times, where n is
the number of parties, but the actual number of repetitions is
algorithm-dependent. When doPhase( ) is called the
last time, the second argument must be true to
indicate that it is the last phase of the agreement. After all calls
to doPhase( ) have been made, each party calls
generateSecret( ) to obtain an array of bytes or a
SecretKey object for a named algorithm type. All parties obtain the same ...
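The two-party case of the init( ), doPhase( ), generateSecret( ) sequence described above, as an added example that is not part of the original reference. The class name KeyAgreementDemo, the 2048-bit group size, and the SHA-256 derivation step are assumptions of this example, and both parties run in one process so that the results can be compared.

```java
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.KeyAgreement;
import javax.crypto.interfaces.DHPublicKey;

public class KeyAgreementDemo {
    public static void main(String[] args) throws Exception {
        // Alice generates a Diffie-Hellman key pair; only the encoded public key leaves her side.
        KeyPairGenerator aliceGen = KeyPairGenerator.getInstance("DiffieHellman");
        aliceGen.initialize(2048); // group size is an assumption of this example
        KeyPair alice = aliceGen.generateKeyPair();
        byte[] aliceWire = alice.getPublic().getEncoded();

        // Bob decodes Alice's public key and builds his own pair from the same p and g.
        KeyFactory kf = KeyFactory.getInstance("DiffieHellman");
        PublicKey alicePub = kf.generatePublic(new X509EncodedKeySpec(aliceWire));
        KeyPairGenerator bobGen = KeyPairGenerator.getInstance("DiffieHellman");
        bobGen.initialize(((DHPublicKey) alicePub).getParams());
        KeyPair bob = bobGen.generateKeyPair();
        PublicKey bobPub = kf.generatePublic(new X509EncodedKeySpec(bob.getPublic().getEncoded()));

        // Each party calls init() with a key of its own (its private key).
        KeyAgreement aliceKa = KeyAgreement.getInstance("DiffieHellman");
        aliceKa.init(alice.getPrivate());
        KeyAgreement bobKa = KeyAgreement.getInstance("DiffieHellman");
        bobKa.init(bob.getPrivate());

        // Two parties means n-1 = 1 phase, so the only doPhase() call is also the last one.
        aliceKa.doPhase(bobPub, true);
        bobKa.doPhase(alicePub, true);

        // Both sides now compute the same bytes without the secret ever being transmitted.
        byte[] aliceSecret = aliceKa.generateSecret();
        byte[] bobSecret = bobKa.generateSecret();
        if (!MessageDigest.isEqual(aliceSecret, bobSecret)) {
            throw new IllegalStateException("shared secrets differ");
        }
        // Hash the raw secret instead of using it directly as a cipher key (simplified derivation).
        byte[] key = MessageDigest.getInstance("SHA-256").digest(aliceSecret);
        System.out.println("Agreement complete; derived key is " + key.length + " bytes");
    }
}
```

The exchange protects against a passive eavesdropper only: the public keys are accepted here without authentication, so a deployed protocol must verify their origin (for example with signatures) before calling doPhase( ).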