From Hackepedia
Jump to navigationJump to search

Diffie Hellman is a public key cipher developed in 1976 by 2 americans named Whitfield Diffie and Martin Hellman. The protocol exchanges data on both ends of communication to agree mathematically on a common key which can then be used with a symmetric cipher.

Here is what a Diffie Hellman exchange would look like. Peers mean the endpoints of a 2-way communication. This method alone is susceptible to a man-in-middle and timing attacks:

In OpenSSL struct DH consists of the following members:

BIGNUM *public_key;
BIGNUM *private_key;

The first peer generates the parameters p (which is a large prime and also a safe prime meaning that (p - 1) / 2 is also prime. It also creates g which OpenSSL calls a generator and is usually a constant of 2 or 5 (both low prime numbers). (DH_generate_parameters())
It then shares p and g with the second peer, which fills these into its own struct DH. (DH_new())
The first peer also generates her public and private key now and also shares the public key with the second peer. (DH_generate_key())
Given p and g the second peer with that creates their own private key and public key (which are different from the first peers)(DH_generate_key()) and
Shares with the first peer their public key.
Given the public key of the other peer, p, g, and their private key both peers are now able to compute a shared secret. (DH_compute_key())
Using this shared secret as the key to a symmetric cipher encrypted communication can now start.