java - Key derivation function for Shared secret generated by diffie hellman key exchange -

how use shared secret genrated diffie hellman key exchange further, key derivation function.

this code:

keypairgenerator keygen = keypairgenerator.getinstance("ecdh", "bc");          ecgenparameterspec ecsp;         ecsp = new ecgenparameterspec("secp192r1");          keygen.initialize(ecsp, new securerandom());         // generate rsa assymetric keypair         keypair alice_pair = keygen.generatekeypair();         // extract public key         publickey alice_pub =  alice_pair.getpublic();         // extract private key         privatekey alice_pvt = alice_pair.getprivate();    keyagreement alice_agreement =    keyagreement.getinstance("ecdh","bc");         alice_agreement.init(alice_pair.getprivate());         alice_agreement.dophase(bob_pub, true);         byte[] alice_secret = alice_agreement.generatesecret();         secretkeyspec alice_aes = new secretkeyspec(alice_secret, "aes");          // create keyagreement bob         keyagreement bob_agreement = keyagreement.getinstance("ecdh","bc");         bob_agreement.init(bob_pvt);         bob_agreement.dophase(alice_pub, true);  

can shared secret can ecc curve point?

the resulting shared secret curve point. why shouldn't work ecdh secret directly, because few secrets whole space of secrets curve points , bits result "weak" - predictable knowledge of chosen elliptic curve.

you should following steps secret aes key:

1. hash result of ecdh secure hash algorithm (sha256, sha512).
2. take first 16 bytes of hash
3. create aes key.

---

note:

you using bouncy castle crypto provider. according documentation , source code, shared secret result x affine coordinate of desired ec point (an instance of java.math.biginteger) encoded byte array.