DH
From Hackepedia
Diffie Hellman is a public key cipher developed in 1976 by 2 americans named Whitfield Diffie and Martin Hellman. The protocol exchanges data on both ends of communication to agree mathematically on a common key which can then be used with a symmetric cipher.
Here is what a Diffie Hellman exchange would look like. Peers mean the endpoints of a 2-way communication. This method alone is susceptible to a man-in-middle and timing attacks:
In OpenSSL struct DH consists of the following members:
- BIGNUM *p;
- BIGNUM *g;
- BIGNUM *public_key;
- BIGNUM *private_key;
- 1.
- The first peer generates the parameters p (which is a large prime and also a safe prime meaning that (p - 1) / 2 is also prime. It also creates g which OpenSSL calls a generator and is usually a constant of 2 or 5 (both low prime numbers). (DH_generate_parameters())
- 2.
- It then shares p and g with the second peer, which fills these into its own struct DH. (DH_new())
- 3.
- The first peer also generates her public and private key now and also shares the public key with the second peer. (DH_generate_key())
- 4.
- Given p and g the second peer with that creates their own private key and public key (which are different from the first peers)(DH_generate_key()) and
- 5.
- shares with the first peer their public key.
- 6.
- Given the public key of the other peer, p, g, and their private key both peers are now able to compute a shared secret. (DH_compute_key())
- 7.
- Using this shared secret as the key to a symmetric cipher encrypted communication can now start.