Chilkat Examples

ChilkatHOMEAndroid™AutoItCC#C++Chilkat2-PythonCkPythonClassic ASPDataFlexDelphi DLLGoJavaJavaScriptNode.jsObjective-CPHP ExtensionPerlPowerBuilderPowerShellPureBasicRubySQL ServerSwiftTclUnicode CUnicode C++VB.NETVBScriptVisual Basic 6.0Visual FoxProXojo Plugin

JavaScript Examples
Web API Categories

AI
ASN.1
AWS KMS
AWS Misc
Amazon EC2
Amazon Glacier
Amazon S3
Amazon S3 (new)
Amazon SES
Amazon SNS
Amazon SQS
Apple Keychain
Async
Azure Cloud Storage
Azure Key Vault
Azure Service Bus
Azure Table Service
Base64
Box
CAdES
CSR
CSV
Cert Store
Certificates
Cloud Signature CSC
Code Signing
Compression
DKIM / DomainKey
DNS
DSA
Diffie-Hellman
Digital Signatures
Dropbox
Dynamics CRM
EBICS
ECC
Ed25519
Email Object
Encryption
FTP
FileAccess
Firebase
GMail REST API
GMail SMTP/IMAP/POP
Geolocation
Google APIs
Google Calendar
Google Cloud SQL
Google Cloud Storage
Google Drive
Google Photos
Google Sheets
Google Tasks
Gzip
HTML-to-XML/Text
HTTP
HTTP Misc
IMAP
JSON
JSON Web Encryption (JWE)
JSON Web Signatures (JWS)
JSON Web Token (JWT)
Java KeyStore (JKS)
JavaScript
MHT / HTML Email
MIME
Markdown
Microsoft Graph
Misc
NTLM
OAuth1
OAuth2
OIDC
Office365
OneDrive
OpenSSL
Outlook
Outlook Calendar
Outlook Contact
PDF Signatures
PEM
PFX/P12
PKCS11
POP3
PRNG
REST
REST Misc
RSA
Regular Expressions
SCP
SCard
SFTP
SMTP
SSH
SSH Key
SSH Tunnel
ScMinidriver
Secrets
SharePoint
SharePoint Online
Signing in the Cloud
Socket/SSL/TLS
Spider
Stream
Tar Archive
ULID/UUID
Upload
WebSocket
X
XAdES
XML
XML Digital Signatures
XMP
Zip
curl
uncategorized

 

 

 

(JavaScript) Diffie-Hellman Key Exchange (DH)

Diffie-Hellman key exchange (DH) is a cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key.

This example demonstrates how two parties (Alice and Bob) can compute an N-bit shared secret key without the key ever being transmitted.

Note
This example is intended for running within a Chilkat.Js embedded JavaScript engine. All Chilkat JavaScript examples require Chilkat v11.4.0 or greater. 
var success = false;

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// Create two separate instances of the DH object.
var dhBob = new CkDh();
var dhAlice = new CkDh();

// The DH algorithm begins with a large prime, P, and a generator, G.  
// These don't have to be secret, and they may be transmitted over an insecure channel.  
// The generator is a small integer and typically has the value 2 or 5.

// The Chilkat DH component provides the ability to use known
// "safe" primes, as well as a method to generate new safe primes.

// This example will use a known safe prime.  Generating
// new safe primes is a time-consuming CPU intensive task
// and is normally done offline.

// Bob will choose to use the 2nd of our 8 pre-chosen safe primes.  
// It is the Prime for the 2nd Oakley Group (RFC 2409) -- 
// 1024-bit MODP Group.  Generator is 2. 
// The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }
dhBob.UseKnownPrime(2);

// The computed shared secret will be equal to the size of the prime (in bits).
// In this case the prime is 1024 bits, so the shared secret will be 128 bytes (128 * 8 = 1024).
// However, the result is returned as an SSH1-encoded bignum in hex string format.
// The SSH1-encoding prepends a 2-byte count, so the result is going  to be 2 bytes
// longer: 130 bytes.  This results in a hex string that is 260 characters long (two chars
// per byte for the hex encoding).

var p;
var g;
// Bob will now send P and G to Alice.
p = dhBob.P;
g = dhBob.G;

// Alice calls SetPG to set P and G.  SetPG checks
// the values to make sure it's a safe prime and will
// return false if not.
success = dhAlice.SetPG(p,g);
if (success !== true) {
    console.log("P is not a safe prime");
    return;
}

// Each side begins by generating an "E"
// value.  The CreateE method has one argument: numBits.
// It should be set to twice the size of the number of bits
// in the session key.

// Let's say we want to generate a 128-bit session key
// for AES encryption.  The shared secret generated by the Diffie-Hellman
// algorithm will be longer, so we'll hash the result to arrive at the
// desired session key length.  However, the length of the session
// key we'll utlimately produce determines the value that should be
// passed to the CreateE method.

// In this case, we'll be creating a 128-bit session key, so pass 256 to CreateE.
// This setting is for security purposes only -- the value
// passed to CreateE does not change the length of the shared secret
// that is produced by Diffie-Hellman.  
// Also, there is no need to pass in a value larger
// than 2 times the expected session key length.  It suffices to
// pass exactly 2 times the session key length.

// Bob generates a random E (which has the mathematical
// properties required for DH).
var eBob;
eBob = dhBob.CreateE(256);

// Alice does the same:
var eAlice;
eAlice = dhAlice.CreateE(256);

// The "E" values are sent over the insecure channel.
// Bob sends his "E" to Alice, and Alice sends her "E" to Bob.

// Each side computes the shared secret by calling FindK.
// "K" is the shared-secret.

var kBob;
var kAlice;

// Bob computes the shared secret from Alice's "E":
kBob = dhBob.FindK(eAlice);

// Alice computes the shared secret from Bob's "E":
kAlice = dhAlice.FindK(eBob);

// Amazingly, kBob and kAlice are identical and the expected
// length (260 characters).  The strings contain the hex encoded bytes of
// our shared secret:
console.log("Bob's shared secret:");
console.log(kBob);
console.log("Alice's shared secret (should be equal to Bob's)");
console.log(kAlice);

// To arrive at a 128-bit session key for AES encryption, Bob and Alice should
// both transform the raw shared secret using a hash algorithm that produces
// the size of session key desired.   MD5 produces a 16-byte (128-bit) result, so
// this is a good choice for 128-bit AES.

// To produce the session key:
var crypt = new CkCrypt2();

crypt.EncodingMode = "hex";
crypt.HashAlgorithm = "md5";

var sessionKey;
sessionKey = crypt.HashStringENC(kBob);

console.log("128-bit Session Key:");
console.log(sessionKey);

// Encrypt something...
crypt.CryptAlgorithm = "aes";
crypt.KeyLength = 128;
crypt.CipherMode = "cbc";

// Use an IV that is the MD5 hash of the session key...
var iv;
iv = crypt.HashStringENC(sessionKey);

// AES uses a 16-byte IV:
console.log("Initialization Vector:");
console.log(iv);

crypt.SetEncodedKey(sessionKey,"hex");
crypt.SetEncodedIV(iv,"hex");

// Encrypt some text:
var cipherText64;

crypt.EncodingMode = "base64";
cipherText64 = crypt.EncryptStringENC("The quick brown fox jumps over the lazy dog");
console.log(cipherText64);

var plainText;
plainText = crypt.DecryptStringENC(cipherText64);

console.log(plainText);
 

© 2000-2026 Chilkat Software, Inc. All Rights Reserved.