FBB::DiffieHellman(3bobcat) | Diffie Hellman key computations | FBB::DiffieHellman(3bobcat) |
FBB::DiffieHellman - Diffie-Hellman PKI, computing shared keys
#include <bobcat/diffiehellman>
Linking option: -lbobcat -lcrypto
The class FBB::DiffieHellman computes shared keys (shared secrets) using the Diffie-Hellman (1976) algorithm. The Diffie-Hellman algorithm uses public and private information, providing a public key infrastructure (PKI). The public information consists of a prime (e.g., a prime number consisting of 1024 bits), a generator (for which the value 5 is commonly used), and (using ** to represent the power operator on integral values) the value generator ** private mod prime, where private is a randomly selected large number, which is the private information.
The Diffie-Hellman algorithm is commonly used to compute a shared key which can be used to encrypt information sent between two parties. One party, which in this man-page is called the initiator, computes the prime and defines the generator. The prime is computed by FBB::DiffieHellman’s first constructor, while the generator is passed to this constructor as one of its arguments. For the generator the value 5 is often used.
Next the initiator passes its public information, consisting of the prime, the generator, and the value pow(generator, private) mod prime to the other party, which in this man-page is called the peer. The public information is written in binairy, big-endian form to file using the member save. The initiator may optionally save the private information to a separate file as well.
The peer thereupon receives the initiator’s public information. The initialor’s public information is read by a FBB::DiffieHellman constructor either expecting the name of a file or a std::istream containining the initiator’s public information.
Having obtained the prime and generator, the peer’s public (and, optionally, private information) is saved by also calling save. This results, among other things, in the value pow(generator, private) mod prime, but now using the peer’s private information.
At this point the peer is already able to compute the shared key. The key is returned by calling the key member, which returns the shared key as a series of bytes stored in a std::string.
Before the initiator can compute the shared key the peer’s generator ** private mod prime value must be available. The peer sends the saved public data to the initiator. The initiator then passes the peer’s public data either by file name or by std::istream to the key member, returning the shared key.
Perfect Forward Secrecy and Ephemeral Diffie Hellman
If the initiator and peer decide not to save their private information Perfect Forward Secrecy and Ephemeral Diffie Hellman may be obtained. Here, the procedure is applied as follows:
Document encryption using Diffie Hellman
As with PKI in general, the Diffie Hellman key exchange method itself is not normally used for encrypting documents. Instead, it is usually used to exchange the key that is used for symmetric encryption methods like 3DES and CBC. These symmetric encryption methods are available through, e.g., Bobcats’ EncryptBuf, DecryptBuf, and ISymCryptStream classes.
FBB
All constructors, members, operators and manipulators, mentioned in this
man-page, are defined in the namespace FBB.
-
Copy and move constructors (and assignment operators) are available.
When called without arguments, the example program generates Diffie-Hellman parameters writing the initiator’s public and private information to, respectively, init.pub and init.sec.
When called with one argument, init.pub is read, and the peer’s public and private information is written to, respectively, peer.pub and peer.sec. Next, the (peer’s) shared key is written to peerkey.
When called with two arguments, init.pub and init.sec are read, as well as the peer’s public information (on the file peer.pub). Next, the (initiator’s) shared key is written to initkey.
The files peerkey and initkey should be identical.
#include <fstream> #include <iostream> #include <bobcat/exception> #include "../diffiehellman" using namespace FBB; using namespace std; int main(int argc, char **argv) try {
if (argc == 1)
{
cout << "1: create prime and generator, write to ’params’\n"
"2: create secret and public parts, arg 2: 0 or 1,\n"
" write secret and public parts to <arg 2>.sec and "
"<arg 2>.pub\n"
"3: create common key arg 2: 0 or 1,\n"
" 0: write common0 using 0.pub, 0.sec and 1.pub\n"
" 1: write common1 using 1.pub, 1.sec and 0.pub\n"
;
return 0;
}
switch (*argv[1]) // using generator == 5
{
case ’1’:
{
ofstream out = Exception::factory<ofstream>("params");
out << hex << DiffieHellman::prime(1024, true, true) << ’\n’;
}
break;
case ’2’:
{
char *nr = argv[2];
if (nr == 0 || "01"s.find(*nr) == string::npos)
throw Exception{} << "mode ’2’ needs 0 or 1 as 2nd argument";
ifstream in = Exception::factory<ifstream>("params");
BigInt prime;
in >> hex >> prime;
DiffieHellman dh{ prime };
dh.save(nr);
}
break;
case ’3’:
{
char *nr = argv[2];
if (nr == 0 || "01"s.find(*nr) == string::npos)
throw Exception{} << "mode ’3’ needs 0 or 1 as 2nd argument";
DiffieHellman dh{ nr + ".pub"s, nr + ".sec"s };
cout << "common key computed by " << nr << ":\n" <<
hex << dh.key((nr[0] == ’0’ ? ’1’ : ’0’) + ".pub"s) << ’\n’;
}
break;
default:
throw Exception{} << "undefined action `" << *argv[1] <<’\’’;
} } catch (std::exception const &exc) {
std::cout << exc.what() << ’\n’; }
bobcat/diffiehellman - defines the class interface
bobcat(7), bigint(3bobcat), ecdh(3bobcat), isymcryptstream(3bobcat), osymcryptstream(3bobcat)
None Reported.
Bobcat is an acronym of `Brokken’s Own Base Classes And Templates’.
This is free software, distributed under the terms of the GNU General Public License (GPL).
Frank B. Brokken (f.b.brokken@rug.nl).
2005-2022 | libbobcat-dev_6.02.02 |