1# Key Agreement Overview and Algorithm Specifications 2 3 4Key agreement allows two or more parties to jointly establish a shared key in a non-secure environment. 5 6 7This topic describes the key agreement algorithms and specifications supported by the system. 8 9 10## ECDH 11 12The Crypto framework provides a variety of Elliptic Curve Diffie–Hellman key exchange (ECDH) capabilities. 13 14 15When creating an ECDH key agreement instance, you need to specify the algorithm specifications in a string parameter, as listed in the table below. 16 17 18| Asymmetric Key Algorithm| String Parameter| API Version| 19| -------- | -------- | -------- | 20| ECC | ECC224 | 9+ | 21| ECC | ECC256 | 9+ | 22| ECC | ECC384 | 9+ | 23| ECC | ECC521 | 9+ | 24| ECC | ECC_BrainPoolP160r1 | 11+ | 25| ECC | ECC_BrainPoolP160t1 | 11+ | 26| ECC | ECC_BrainPoolP192r1 | 11+ | 27| ECC | ECC_BrainPoolP192t1 | 11+ | 28| ECC | ECC_BrainPoolP224r1 | 11+ | 29| ECC | ECC_BrainPoolP224t1 | 11+ | 30| ECC | ECC_BrainPoolP256r1 | 11+ | 31| ECC | ECC_BrainPoolP256t1 | 11+ | 32| ECC | ECC_BrainPoolP320r1 | 11+ | 33| ECC | ECC_BrainPoolP320t1 | 11+ | 34| ECC | ECC_BrainPoolP384r1 | 11+ | 35| ECC | ECC_BrainPoolP384t1 | 11+ | 36| ECC | ECC_BrainPoolP512r1 | 11+ | 37| ECC | ECC_BrainPoolP512t1 | 11+ | 38| ECC | ECC_Secp256k1 | 14+ | 39| ECC | ECC | 10+ | 40 41 42As indicated by the last row in the preceding table, you can specify the ECDH key type without the key length and curve name to ensure compatibility with the key generated based on the key parameter. In this case, the key agreement operation varies depending on the actual key length. 43 44 45## X25519 46 47The Crypto framework provides X25519 key agreement capabilities. 48 49 50When creating an X25519 key agreement instance, you need to specify the algorithm specifications in a string parameter, as listed in the table below. 51 52 53| Asymmetric Key Algorithm| String Parameter| API Version| 54| -------- | -------- | -------- | 55| X25519 | X25519 | 11+ | 56 57 58## DH 59 60The Crypto framework provides Diffie–Hellman key exchange (DH) key agreement capabilities. 61 62 63When creating a DH key agreement instance, you need to specify the algorithm specifications in a string parameter, as listed in the table below. 64 65 66| Asymmetric Key Algorithm| String Parameter| API Version| 67| -------- | -------- | -------- | 68| DH | DH_modp1536 | 11+ | 69| DH | DH_modp2048 | 11+ | 70| DH | DH_modp3072 | 11+ | 71| DH | DH_modp4096 | 11+ | 72| DH | DH_modp6144 | 11+ | 73| DH | DH_modp8192 | 11+ | 74| DH | DH_ffdhe2048 | 11+ | 75| DH | DH_ffdhe3072 | 11+ | 76| DH | DH_ffdhe4096 | 11+ | 77| DH | DH_ffdhe6144 | 11+ | 78| DH | DH_ffdhe8192 | 11+ | 79| DH | DH | 11+ | 80 81 82As indicated by the last row in the preceding table, you can specify the DH key type without the named DH group to ensure compatibility with the key generated based on the key parameter. In this case, the key agreement operation varies depending on the actual key length, and unnamed DH groups are also supported. 83