Suggested crypto libs for Diffie-Hellman and Eliptic Curve Diffie-Hellman

Andrew Bartlett abartlet at
Thu Nov 16 06:08:59 UTC 2023

For Group Managed service accounts, which we are working on, for
reasons around RODCs and a few other things, Microsoft has decided to
internally use a key-agreement between a 'root key' and a 'service
key', both held in AD.

The password comes, as I understand it, from the key agreement derived
out of a Diffie-Hellman or Eliptic Curve Diffie-Hellman exchanges.

This is all in MS-GKDI, referenced from

I just wanted to check if there are particularly cryptographic
libraries we should consider for this work.  

In the past we have looked to libnettle when gnutls didn't provide the
functions we wanted, but that was backed out fairly fast as another
method was found ( 0784

Even so, for this case is libnettle still the best first place to look?

Andrew Bartlett

Andrew Bartlett (he/him)
Samba Team Member (since 2001)
Samba Team Lead      
Catalyst.Net Ltd

Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group

Samba Development and Support:

Catalyst IT - Expert Open Source Solutions

More information about the samba-technical mailing list