About Diffie-Hellman Key Agreement

Diffie-Hellman key agreement is a protocol that lets two devices generate a unique shared key without ever transmitting that key over the connection, where it would be exposed to interception.

In the figure above, each device selects a private value and transforms it, by modular exponentiation with a large prime modulus, into a public value. The Threat Management Services zl Module supports prime moduli of 768 digits (Group 1), 1024 digits (Group 2), and 1536 digits (Group 5).


The devices exchange their public values. Each device then combines the other device's public value with its own private value to compute a new value; the computation is constructed so that both devices arrive at the same result. This final value is used as the encryption key.
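The exchange described above, as an added example that is not part of the original documentation or the module's own code. It uses the 1024-bit MODP prime and generator 2 that IKE designates Group 2 (RFC 2409, section 6.2); the function names, the public-value checks and the SHA-256 key derivation are my own choices, not anything the page specifies.

```python
import hashlib
import secrets

# 1024-bit MODP prime from RFC 2409 section 6.2 (IKE "Group 2"), generator 2.
# It is a safe prime: q = (p - 1) / 2 is also prime, and 2 generates the
# subgroup of order q.
P_HEX = (
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF"
)
P = int(P_HEX, 16)
G = 2
Q = (P - 1) // 2


def is_probable_prime(n, rounds=16):
    """Miller-Rabin probable-prime test (used to sanity-check the group parameters)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_private_value(p=P):
    """Each device picks a secret exponent in [2, p-2]; it never leaves the device."""
    return secrets.randbelow(p - 3) + 2


def compute_public_value(private, p=P, g=G):
    """The public value g^private mod p is what gets sent over the connection."""
    return pow(g, private, p)


def validate_public_value(public, p=P, q=Q):
    """Reject out-of-range or small-subgroup values before using a peer's public value."""
    if not 2 <= public <= p - 2:
        raise ValueError("public value out of range")
    if pow(public, q, p) != 1:
        raise ValueError("public value not in the prime-order subgroup")
    return public


def compute_shared_secret(private, peer_public, p=P):
    """peer_public^private mod p; both sides get g^(a*b) mod p."""
    validate_public_value(peer_public, p)
    return pow(peer_public, private, p)


def derive_key(shared_secret, p=P):
    """Hash the fixed-width big-endian secret into a 256-bit symmetric key."""
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(shared_secret.to_bytes(width, "big")).digest()


def key_agreement_demo(p=P, g=G):
    """Run both sides of the exchange and return the two derived keys."""
    a = generate_private_value(p)          # device A's private value
    b = generate_private_value(p)          # device B's private value
    ya = compute_public_value(a, p, g)     # sent A -> B (visible on the wire)
    yb = compute_public_value(b, p, g)     # sent B -> A (visible on the wire)
    key_a = derive_key(compute_shared_secret(a, yb, p), p)
    key_b = derive_key(compute_shared_secret(b, ya, p), p)
    return key_a, key_b


if __name__ == "__main__":
    ka, kb = key_agreement_demo()
    print("both devices derived the same key:", ka == kb)
```

An observer who records the connection sees only the two public values; recovering the private exponent from them is the discrete logarithm problem in the 1024-bit group, which is why the key itself never has to be transmitted. The `validate_public_value` check is the part most implementations forget: a peer that sends 1, p-1 or another small-order value can force the shared secret into a handful of guessable outcomes.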