MFC Examples

ChilkatHOMEASPVisual BasicVB.NETC#Visual C++CMFCDelphiFoxProJavaPerlPHPPythonRubySQL ServerVBScript

MFC Examples

Bounced Mail
Bz2
Certificates/Keys
Charset
CSV
Diffie-Hellman
DSA
Email Object
Encryption
FileAccess
FTP
HTML-to-XML
HTTP
IMAP
MHT / HTML Email
MIME
POP3
RSA
SMTP
Socket
Spider
SSH Key
SSH
SSH Tunnel
SFTP
Tar
Upload
XML
Zip


 

 

 

 

 

 

 

 

Diffie-Hellman Key Exchange (DH)

Diffie-Hellman key exchange (DH) is a cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key.

This example demonstrates how two parties (Alice and Bob) can compute an N-bit shared secret key without the key ever being transmitted.

Download Chilkat C/C++ Libraries for VC++ 9.0 / Win32

Download Chilkat C/C++ Libraries for VC++ 8.0 / Win32

Download Chilkat C/C++ 64-bit Libraries for VC++ 8.0 / x64

Download Chilkat Visual Studio 2005 C/C++ Libs for Windows Mobile, Pocket PC, SmartPhone, WinCE

Download Chilkat C/C++ Libraries for VC++ 7.0 / Win32

Download Chilkat C/C++ Libraries for VC++ 6.0 / Win32

Download Chilkat C/C++ Libraries for VC++ 6.0, Win 95/98/NT4 Compatible

// Needs #include <CkDh.h>
// Needs #include <CkCrypt2.h>

    CkString strOut;

    //  Create two separate instances of the DH object.
    CkDh dhBob;
    CkDh dhAlice;

    bool success;

    //  Unlock the component once at program startup...
    success = dhBob.UnlockComponent("Anything for 30-day trial");
    if (success != true) {
        strOut.append(dhBob.lastErrorText());
        strOut.append("\r\n");
        SetDlgItemText(IDC_EDIT1,strOut.getUnicode());
        return;
    }

    //  The DH algorithm begins with a large prime, P, and a generator, G.
    //  These don't have to be secret, and they may be transmitted over an insecure channel.
    //  The generator is a small integer and typically has the value 2 or 5.

    //  The Chilkat DH component provides the ability to use known
    //  "safe" primes, as well as a method to generate new safe primes.

    //  This example will use a known safe prime.  Generating
    //  new safe primes is a time-consuming CPU intensive task
    //  and is normally done offline.

    //  Bob will choose to use the 2nd of our 8 pre-chosen safe primes.
    //  It is the Prime for the 2nd Oakley Group (RFC 2409) --
    //  1024-bit MODP Group.  Generator is 2.
    //  The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }
    dhBob.UseKnownPrime(2);

    //  The computed shared secret will be equal to the size of the prime (in bits).
    //  In this case the prime is 1024 bits, so the shared secret will be 128 bytes (128 * 8 = 1024).
    //  However, the result is returned as an SSH1-encoded bignum in hex string format.
    //  The SSH1-encoding prepends a 2-byte count, so the result is going  to be 2 bytes
    //  longer: 130 bytes.  This results in a hex string that is 260 characters long (two chars
    //  per byte for the hex encoding).

    const char * p;
    long g;
    //  Bob will now send P and G to Alice.
    p = dhBob.p();
    g = dhBob.get_G();

    //  Alice calls SetPG to set P and G.  SetPG checks
    //  the values to make sure it's a safe prime and will
    //  return false if not.
    success = dhAlice.SetPG(p,g);
    if (success != true) {
        strOut.append("P is not a safe prime\r\n");
        SetDlgItemText(IDC_EDIT1,strOut.getUnicode());
        return;
    }

    //  Each side begins by generating an "E"
    //  value.  The CreateE method has one argument: numBits.
    //  It should be set to twice the size of the number of bits
    //  in the session key.

    //  Let's say we want to generate a 128-bit session key
    //  for AES encryption.  The shared secret generated by the Diffie-Hellman
    //  algorithm will be longer, so we'll hash the result to arrive at the
    //  desired session key length.  However, the length of the session
    //  key we'll utlimately produce determines the value that should be
    //  passed to the CreateE method.

    //  In this case, we'll be creating a 128-bit session key, so pass 256 to CreateE.
    //  This setting is for security purposes only -- the value
    //  passed to CreateE does not change the length of the shared secret
    //  that is produced by Diffie-Hellman.
    //  Also, there is no need to pass in a value larger
    //  than 2 times the expected session key length.  It suffices to
    //  pass exactly 2 times the session key length.

    //  Bob generates a random E (which has the mathematical
    //  properties required for DH).
    const char * eBob;
    eBob = dhBob.createE(256);

    //  Alice does the same:
    const char * eAlice;
    eAlice = dhAlice.createE(256);

    //  The "E" values are sent over the insecure channel.
    //  Bob sends his "E" to Alice, and Alice sends her "E" to Bob.

    //  Each side computes the shared secret by calling FindK.
    //  "K" is the shared-secret.

    const char * kBob;
    const char * kAlice;

    //  Bob computes the shared secret from Alice's "E":
    kBob = dhBob.findK(eAlice);

    //  Alice computes the shared secret from Bob's "E":
    kAlice = dhAlice.findK(eBob);

    //  Amazingly, kBob and kAlice are identical and the expected
    //  length (260 characters).  The strings contain the hex encoded bytes of
    //  our shared secret:
    strOut.append("Bob's shared secret:");
    strOut.append("\r\n");
    strOut.append(kBob);
    strOut.append("\r\n");
    strOut.append("Alice's shared secret (should be equal to Bob's)");
    strOut.append("\r\n");
    strOut.append(kAlice);
    strOut.append("\r\n");

    //  To arrive at a 128-bit session key for AES encryption, Bob and Alice should
    //  both transform the raw shared secret using a hash algorithm that produces
    //  the size of session key desired.   MD5 produces a 16-byte (128-bit) result, so
    //  this is a good choice for 128-bit AES.

    //  Here's how you would use Chilkat Crypt (a separate Chilkat component) to
    //  produce the session key:
    CkCrypt2 crypt;
    success = crypt.UnlockComponent("Anything for 30-day trial.");
    if (success != true) {
        strOut.append(crypt.lastErrorText());
        strOut.append("\r\n");
        SetDlgItemText(IDC_EDIT1,strOut.getUnicode());
        return;
    }

    crypt.put_EncodingMode("hex");
    crypt.put_HashAlgorithm("md5");

    const char * sessionKey;
    sessionKey = crypt.hashStringENC(kBob);

    strOut.append("128-bit Session Key:");
    strOut.append("\r\n");
    strOut.append(sessionKey);
    strOut.append("\r\n");

    //  Encrypt something...
    crypt.put_CryptAlgorithm("aes");
    crypt.put_KeyLength(128);
    crypt.put_CipherMode("cbc");

    //  Use an IV that is the MD5 hash of the session key...
    const char * iv;
    iv = crypt.hashStringENC(sessionKey);

    //  AES uses a 16-byte IV:
    strOut.append("Initialization Vector:");
    strOut.append("\r\n");
    strOut.append(iv);
    strOut.append("\r\n");

    crypt.SetEncodedKey(sessionKey,"hex");
    crypt.SetEncodedIV(iv,"hex");

    //  Encrypt some text:
    const char * cipherText64;

    crypt.put_EncodingMode("base64");
    cipherText64 = crypt.encryptStringENC("The quick brown fox jumps over the lazy dog");
    strOut.append(cipherText64);
    strOut.append("\r\n");

    const char * plainText;
    plainText = crypt.decryptStringENC(cipherText64);

    strOut.append(plainText);
    strOut.append("\r\n");

    SetDlgItemText(IDC_EDIT1,strOut.getUnicode());

Need a specific example? Send a request to support@chilkatsoft.com

© 2000-2008 Chilkat Software, Inc. All Rights Reserved.