Programming Examples

ChilkatHOMEAndroid™ASPVisual BasicVB.NETC#iOS (IPhone)Objective-CC++CMFCDelphiFoxProJavaPerl
PHP ExtensionPHP ActiveXPythonPowerShellRubySQL ServerVBScript

C Examples

Bounced Mail
Bz2
Certificates/Keys
Charset
CSV
DKIM / DomainKey
Diffie-Hellman
DSA
Email Object
Encryption
FileAccess
FTP
HTML Conversion
HTTP
IMAP
MHT / HTML Email
MIME
NTLM
POP3
RSA
SMTP
Socket
Spider
SSH Key
SSH
SSH Tunnel
SFTP
Tar
Upload
XML
Zip
Amazon S3

 

 

 

 

 

 

 

 

Diffie-Hellman Key Exchange (DH)

Diffie-Hellman key exchange (DH) is a cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key.

This example demonstrates how two parties (Alice and Bob) can compute an N-bit shared secret key without the key ever being transmitted.

Downloads:

MS Windows Visual C/C++ Libraries
Linux/CentOS C/C++ Libraries
MAC OS X C/C++ Libraries
Solaris C/C++ Libraries
C++ Builder Libraries
#include <C_CkDh.h>
#include <C_CkCrypt2.h>

void ChilkatSample(void)
    {
    HCkDh dhBob;
    HCkDh dhAlice;
    BOOL success;
    const char * p;
    long g;
    const char * eBob;
    const char * eAlice;
    const char * kBob;
    const char * kAlice;
    HCkCrypt2 crypt;
    const char * sessionKey;
    const char * iv;
    const char * cipherText64;
    const char * plainText;

    //  Create two separate instances of the DH object.
    dhBob = CkDh_Create();
    dhAlice = CkDh_Create();

    //  Unlock the component once at program startup...
    success = CkDh_UnlockComponent(dhBob,"Anything for 30-day trial");
    if (success != TRUE) {
        printf("%s\n",CkDh_lastErrorText(dhBob));
        return;
    }

    //  The DH algorithm begins with a large prime, P, and a generator, G.
    //  These don't have to be secret, and they may be transmitted over an insecure channel.
    //  The generator is a small integer and typically has the value 2 or 5.

    //  The Chilkat DH component provides the ability to use known
    //  "safe" primes, as well as a method to generate new safe primes.

    //  This example will use a known safe prime.  Generating
    //  new safe primes is a time-consuming CPU intensive task
    //  and is normally done offline.

    //  Bob will choose to use the 2nd of our 8 pre-chosen safe primes.
    //  It is the Prime for the 2nd Oakley Group (RFC 2409) --
    //  1024-bit MODP Group.  Generator is 2.
    //  The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }
    CkDh_UseKnownPrime(dhBob,2);

    //  The computed shared secret will be equal to the size of the prime (in bits).
    //  In this case the prime is 1024 bits, so the shared secret will be 128 bytes (128 * 8 = 1024).
    //  However, the result is returned as an SSH1-encoded bignum in hex string format.
    //  The SSH1-encoding prepends a 2-byte count, so the result is going  to be 2 bytes
    //  longer: 130 bytes.  This results in a hex string that is 260 characters long (two chars
    //  per byte for the hex encoding).

    //  Bob will now send P and G to Alice.
    p = CkDh_p(dhBob);
    g = CkDh_getG(dhBob);

    //  Alice calls SetPG to set P and G.  SetPG checks
    //  the values to make sure it's a safe prime and will
    //  return FALSE if not.
    success = CkDh_SetPG(dhAlice,p,g);
    if (success != TRUE) {
        printf("P is not a safe prime\n");
        return;
    }

    //  Each side begins by generating an "E"
    //  value.  The CreateE method has one argument: numBits.
    //  It should be set to twice the size of the number of bits
    //  in the session key.

    //  Let's say we want to generate a 128-bit session key
    //  for AES encryption.  The shared secret generated by the Diffie-Hellman
    //  algorithm will be longer, so we'll hash the result to arrive at the
    //  desired session key length.  However, the length of the session
    //  key we'll utlimately produce determines the value that should be
    //  passed to the CreateE method.

    //  In this case, we'll be creating a 128-bit session key, so pass 256 to CreateE.
    //  This setting is for security purposes only -- the value
    //  passed to CreateE does not change the length of the shared secret
    //  that is produced by Diffie-Hellman.
    //  Also, there is no need to pass in a value larger
    //  than 2 times the expected session key length.  It suffices to
    //  pass exactly 2 times the session key length.

    //  Bob generates a random E (which has the mathematical
    //  properties required for DH).

    eBob = CkDh_createE(dhBob,256);

    //  Alice does the same:

    eAlice = CkDh_createE(dhAlice,256);

    //  The "E" values are sent over the insecure channel.
    //  Bob sends his "E" to Alice, and Alice sends her "E" to Bob.

    //  Each side computes the shared secret by calling FindK.
    //  "K" is the shared-secret.

    //  Bob computes the shared secret from Alice's "E":
    kBob = CkDh_findK(dhBob,eAlice);

    //  Alice computes the shared secret from Bob's "E":
    kAlice = CkDh_findK(dhAlice,eBob);

    //  Amazingly, kBob and kAlice are identical and the expected
    //  length (260 characters).  The strings contain the hex encoded bytes of
    //  our shared secret:
    printf("Bob's shared secret:\n");
    printf("%s\n",kBob);
    printf("Alice's shared secret (should be equal to Bob's)\n");
    printf("%s\n",kAlice);

    //  To arrive at a 128-bit session key for AES encryption, Bob and Alice should
    //  both transform the raw shared secret using a hash algorithm that produces
    //  the size of session key desired.   MD5 produces a 16-byte (128-bit) result, so
    //  this is a good choice for 128-bit AES.

    //  Here's how you would use Chilkat Crypt (a separate Chilkat component) to
    //  produce the session key:
    crypt = CkCrypt2_Create();
    success = CkCrypt2_UnlockComponent(crypt,"Anything for 30-day trial.");
    if (success != TRUE) {
        printf("%s\n",CkCrypt2_lastErrorText(crypt));
        return;
    }

    CkCrypt2_putEncodingMode(crypt,"hex");
    CkCrypt2_putHashAlgorithm(crypt,"md5");

    sessionKey = CkCrypt2_hashStringENC(crypt,kBob);

    printf("128-bit Session Key:\n");
    printf("%s\n",sessionKey);

    //  Encrypt something...
    CkCrypt2_putCryptAlgorithm(crypt,"aes");
    CkCrypt2_putKeyLength(crypt,128);
    CkCrypt2_putCipherMode(crypt,"cbc");

    //  Use an IV that is the MD5 hash of the session key...

    iv = CkCrypt2_hashStringENC(crypt,sessionKey);

    //  AES uses a 16-byte IV:
    printf("Initialization Vector:\n");
    printf("%s\n",iv);

    CkCrypt2_SetEncodedKey(crypt,sessionKey,"hex");
    CkCrypt2_SetEncodedIV(crypt,iv,"hex");

    //  Encrypt some text:

    CkCrypt2_putEncodingMode(crypt,"base64");
    cipherText64 = CkCrypt2_encryptStringENC(crypt,"The quick brown fox jumps over the lazy dog");
    printf("%s\n",cipherText64);

    plainText = CkCrypt2_decryptStringENC(crypt,cipherText64);

    printf("%s\n",plainText);

    CkDh_Dispose(dhBob);
    CkDh_Dispose(dhAlice);
    CkCrypt2_Dispose(crypt);

    }

Need a specific example? Send a request to support@chilkatsoft.com

© 2000-2010 Chilkat Software, Inc. All Rights Reserved.