TDGSS DHKeyP/DHKeyG Property | Teradata Vantage - DHKeyP and DHKeyG - Advanced SQL Engine - Teradata Database

Security Administration

Product: Advanced SQL Engine, Teradata Database
Release Number: 17.10
Published: July 2021
Language: English (United States)
Last Update: 2022-02-15
dita:id: B035-1100
lifecycle: previous
Product Category: Teradata Vantage™

The Diffie-Hellman encryption key (DH Key) is made up of two values, P and G, which allow two hosts to create and share a secret key to ensure the confidentiality of the encryption key exchange between initiator and acceptor.

The P and G parameters are both public to the system. P is a large prime number, and G is chosen to be a small primitive root of P. G is a primitive root of P if and only if G^((P-1)/q) mod P > 1 for all prime divisors q of P-1.

The basic calculation is: G^X mod (P).

The variable X is a private number that each user keeps to themselves. Each user uses their own private number (x for User 1, y for User 2) to calculate their public key, such that:

PublicKeyUser1 = G^x mod (P)
PublicKeyUser2 = G^y mod (P)

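Each user transmits their public key so that User 2 has PublicKeyUser1 and User 1 has PublicKeyUser2.

User1 computes: K1 = (PublicKeyUser2)^x mod (P)

User2 computes: K2 = (PublicKeyUser1)^y mod (P)

Both results are the same value, G^(xy) mod (P), so K1 = K2 is the secret key the two users now share.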

There are two sets of DH keys: DHKeyP/DHKeyG and DHKeyP2048/DHKeyG2048. The first pair is 640-bit and is supported only for compatibility with pre-TD 14.0 systems. In cases where the client and server are both TD 14.0 or higher, the 640-bit keys are never used.

Default Property Value for DHKeyP2048

This 2048-bit DHKeyP is supplied with Teradata Vantage (represented in hex code):

DHKeyP2048="8AB3F86E8D374B782F31DAD5F27D6AFDA30150C11A20CF6346712AE2D2C6B70A5B79D45D4C0C232A065B207B121B2C33E147B5983C38A1087F272703B0B839CBA6F71C5D0EB51EC890934EACF2C7DD2A1DF6F55E89B145A0359D35EF8FB6C561E157B13FF927A35E69963648614902B1034EF71197F545DEF3236244EADAE0689E624CF1245953630AE042BD797C4025E37C51D9F6CBDA0B2278FA7D5CA2D9CA930BE2968330C811A4BA4D0845333C0D62E3EE742154F6B62F2951CD8C73C43B5AA1C7819DEF1D7C9314411E465F8E4796666594AADE0AEB3F1256E5719E7AE54DD34FFDA949634E4A293C5BC60AF258BB9FE558086E83B3DD3D7491966DEE93"

Default Property Value for DHKeyG2048

This 2048-bit DHKeyG is supplied with Teradata Vantage (represented in hex code):

DHKeyG2048="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005"

Default Property Values for Legacy DHKeyG and DHKeyP

<!-- DHKeyP and DHKeyG are for legacy (pre-14.0) use only -->
DHKeyP="E4BE0A78F54C4A0B17E7E9249A78BCC08868C17281D8463C880937853E73DDC787E41580A8AFE2594D984C9E0814C590790354ECCD1BE8EA85961E5E0974B32EFE178335F061E80189B4BDAA20F67B47"
DHKeyG="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005"

Editing Guidelines

  • In high security environments, you can replace the preset key and/or rotate keys periodically to minimize the chance that the key can be compromised.
  • If you edit DHKeyP2048, you should also edit DHKeyG2048.
  • You can edit this property only on all nodes and on the Unity server. Also see Coordinating Mechanism Property Values for Unity.
  • You can use any DH Key with a supported key length. See KeyLength, KeyLengthP.
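
A sanity check for replacement P and G values before they are edited in, applying the primitive-root condition and the exchange described above. This is an added example, not Teradata code: the function names are hypothetical, the 2048-bit default for `min_bits` is an assumption, and only safe primes (P = 2q + 1, so the prime divisors of P-1 are just 2 and q) are handled, an assumption made so the condition can be evaluated without factoring P-1.

```python
import secrets

def is_probable_prime(n, rounds=40):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)  # random witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # witness a proves n composite
    return True

def check_dh_params(p_hex, g_hex, min_bits=2048):
    """Return a list of problems; an empty list means every check passed."""
    p, g = int(p_hex, 16), int(g_hex, 16)
    problems = []
    if p.bit_length() < min_bits:
        problems.append(f"P is {p.bit_length()} bits, below {min_bits}")
    if not is_probable_prime(p):
        return problems + ["P is not prime"]
    q = (p - 1) // 2
    if not is_probable_prime(q):
        # Assumption: only safe primes are handled, so P-1 = 2*q needs no factoring.
        return problems + ["P is not a safe prime; P-1 not factored"]
    if not 1 < g < p - 1:
        problems.append("G is outside 2..P-2")
    elif any(pow(g, (p - 1) // d, p) == 1 for d in (2, q)):
        # Page's condition: G^((P-1)/q) mod P > 1 for every prime divisor q of P-1.
        problems.append("G is not a primitive root of P")
    return problems

def dh_exchange(p, g, x, y):
    """Both sides of the exchange; K1 and K2 must come out equal."""
    pub1, pub2 = pow(g, x, p), pow(g, y, p)    # public keys sent over the wire
    k1, k2 = pow(pub2, x, p), pow(pub1, y, p)  # each side's derived secret
    return pub1, pub2, k1, k2
```

With the constructed toy values P = 23 (hex `17`) and G = 5, `check_dh_params("17", "05", min_bits=5)` returns an empty list, and `dh_exchange(23, 5, 6, 15)` gives both users the same secret. The hex strings can be passed exactly as they appear in the property, leading zeros included.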