DH

From Hackepedia

Diffie-Hellman is a public-key key-agreement protocol published in 1976 by two Americans, Whitfield Diffie and Martin Hellman. The two ends of a communication exchange data and mathematically agree on a common key, which can then be used with a symmetric cipher.

In OpenSSL, struct DH holds the values a peer needs for the exchange (since OpenSSL 1.1.0 the struct is opaque and these fields are read through accessors such as DH_get0_pqg() and DH_get0_key()):

struct DH {
    BIGNUM *p;           /* large safe prime, the modulus */
    BIGNUM *g;           /* generator, usually 2 or 5 */
    BIGNUM *public_key;  /* g^private_key mod p, sent to the peer */
    BIGNUM *private_key; /* random secret exponent, never sent */
};

Here is what a Diffie-Hellman exchange would look like. Peers means the endpoints of a two-way communication. This method alone, with nothing authenticating the exchanged public keys, is susceptible to man-in-the-middle and timing attacks:

1. The first peer generates the parameters: p, which is a large prime and also a safe prime, meaning that (p - 1) / 2 is also prime, and g, which OpenSSL calls a generator and is usually a constant of 2 or 5 (both low prime numbers). (DH_generate_parameters())
2. It then shares p and g with the second peer, which fills these into its own struct DH. (DH_new())
3. The first peer also generates her public and private key now and shares the public key with the second peer. (DH_generate_key())
4. Given p and g, the second peer creates their own private key and public key (which are different from the first peer's) (DH_generate_key()) and
5. shares their public key with the first peer.
6. Given the other peer's public key, p, g, and their own private key, both peers are now able to compute a shared secret. (DH_compute_key())
7. Using this shared secret as the key to a symmetric cipher, encrypted communication can now start. (In practice the raw secret is first passed through a key derivation function rather than used directly as the cipher key.)
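The seven steps above, carried through with plain Python integers in place of OpenSSL BIGNUMs, as an added example that is not part of the original page or of OpenSSL. It also adds the public-key validation a receiving peer should perform before step 6 (range and subgroup checks, in the spirit of OpenSSL's DH_check_pub_key()); the parameters TOY_P and TOY_G are constructed toy values, far too small for real use.

```python
import math
import secrets

# Constructed toy parameters for illustration only (real p is >= 2048 bits):
# p = 10007 is a safe prime (q = 5003 is prime) with p % 8 == 7, so g = 2 lies
# in, and generates, the subgroup of prime order q.
TOY_P, TOY_G = 10007, 2

def is_prime(n):
    """Trial division; adequate for the toy sizes used here."""
    return n >= 2 and all(n % f for f in range(2, math.isqrt(n) + 1))

def is_safe_prime(p):
    """Step 1's requirement: p and (p - 1) / 2 are both prime."""
    return is_prime(p) and is_prime((p - 1) // 2)

def generate_parameters(bits, g=2):
    """Step 1 (cf. DH_generate_parameters): random safe prime p, generator 2.
    Requiring p % 8 == 7 makes 2 a generator of the order-q subgroup."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1   # odd, bits-1 long
        p = 2 * q + 1
        if p % 8 == 7 and is_prime(q) and is_prime(p):
            return p, g

def generate_key(p, g):
    """Steps 3/4 (cf. DH_generate_key): private x in [1, q-1], public g^x mod p."""
    q = (p - 1) // 2
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)

def check_peer_public_key(p, y):
    """Before step 6 (cf. DH_check_pub_key): reject out-of-range values and
    values outside the order-q subgroup, which would leak bits of the private key."""
    q = (p - 1) // 2
    return 1 < y < p - 1 and pow(y, q, p) == 1

def compute_key(p, my_private, peer_public):
    """Step 6 (cf. DH_compute_key): shared secret = peer_public^my_private mod p."""
    if not check_peer_public_key(p, peer_public):
        raise ValueError("peer public key rejected")
    return pow(peer_public, my_private, p)

def run_exchange(p, g):
    """Steps 2-6 end to end: returns both peers' secrets, equal if nobody tampered."""
    a_priv, a_pub = generate_key(p, g)   # first peer
    b_priv, b_pub = generate_key(p, g)   # second peer, same p and g
    return compute_key(p, a_priv, b_pub), compute_key(p, b_priv, a_pub)
```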