DH

Diffie-Hellman is a public-key key-exchange method developed in 1976 by two Americans, Whitfield Diffie and Martin Hellman. The two ends of a communication exchange data and use it to agree mathematically on a common key, which can then be used with a symmetric cipher.

Here is what a Diffie-Hellman exchange looks like, with the OpenSSL function used at each step given in parentheses. "Peers" are the two endpoints of a two-way communication. On its own, this method is susceptible to man-in-the-middle and timing attacks.

In OpenSSL, struct DH consists of the following members:

 * BIGNUM *p;
 * BIGNUM *g;
 * BIGNUM *public_key;
 * BIGNUM *private_key;

(Since OpenSSL 1.1.0 the struct is opaque and these fields are read through the DH_get0_pqg() and DH_get0_key() accessors.)

 * 1. The first peer generates the parameters: p, a large prime that is also a safe prime, meaning (p - 1) / 2 is prime as well, and g, which OpenSSL calls the generator and which is usually a small prime constant such as 2 or 5. (DH_generate_parameters)
 * 2. It then shares p and g with the second peer, which fills them into its own struct DH. (DH_new)
 * 3. The first peer now also generates her public and private key and shares the public key with the second peer. (DH_generate_key)
 * 4. Given p and g, the second peer creates their own private and public key, which differ from the first peer's. (DH_generate_key)
 * 5. The second peer shares their public key with the first peer.
 * 6. Given the other peer's public key, p, g, and their own private key, both peers can now compute the same shared secret. (DH_compute_key)
 * 7. Using this shared secret as the key to a symmetric cipher, encrypted communication can begin.
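The seven steps above carried out in plain Python, as an added example that is not OpenSSL's code: it generates a safe prime as step 1 requires, derives and exchanges the public values, and checks the peer's public value (as DH_check_pub_key does) before computing the shared secret. The bit sizes and the p = 23, g = 5 figures in the tests are constructed for demonstration only.

```python
# Textbook finite-field Diffie-Hellman following the seven steps above.
# Added example, not OpenSSL code; parameter sizes are tiny, for demonstration only.
import secrets

def is_probable_prime(n, rounds=32):
    """Miller-Rabin probabilistic primality test."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def is_safe_prime(p):
    """Step 1's requirement: p prime and q = (p - 1) / 2 also prime."""
    return is_probable_prime(p) and is_probable_prime((p - 1) // 2)

def generate_parameters(bits, g=2):
    """Step 1 (DH_generate_parameters): random safe prime p of `bits` bits, generator g."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1   # odd, top bit set
        p = 2 * q + 1
        if is_safe_prime(p):   # for a safe prime, any 1 < g < p-1 has order q or 2q
            return p, g

def valid_public_key(y, p):
    """Reject 0, 1 and p-1 (cf. DH_check_pub_key): they fix the secret at 1 or p-1."""
    return 1 < y < p - 1

def shared_secret(peer_y, x, p):
    """Step 6 (DH_compute_key): s = peer_y^x mod p, after validating the peer's value."""
    if not valid_public_key(peer_y, p):
        raise ValueError("degenerate peer public key")
    return pow(peer_y, x, p)

def run_exchange(bits=64):
    """Steps 1-6 for two peers over an unauthenticated channel; both secrets must match."""
    p, g = generate_parameters(bits)
    x_a, x_b = (secrets.randbelow((p - 1) // 2 - 2) + 2 for _ in range(2))  # private keys
    y_a, y_b = pow(g, x_a, p), pow(g, x_b, p)  # steps 3-5 (DH_generate_key), public values
    return shared_secret(y_b, x_a, p), shared_secret(y_a, x_b, p)
```

Nothing here authenticates the public values, which is exactly the gap a man-in-the-middle exploits; in practice they are signed or otherwise bound to an identity.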