DEV Community

HarmonyOS

How to generate DH keys

Read the original article: How to generate DH keys

Problem Description

How to generate a DH key? A specific process and code example are needed to implement the generation of a DH key.

Background Knowledge

DH Algorithm Introduction:
DH (Diffie–Hellman key exchange) is a key agreement algorithm in which the two parties exchange only their public keys. It provides forward security: the private keys of both parties are never sent, so they are not exposed even if the communication channel is intercepted.
Currently, DH keys can be generated from either string parameters or key parameters. Public key parameters can also be generated based on prime number length and private key length.

DH algorithm specifications:
- Scenario 1: Generate using string parameters.
- Scenario 2: Generate using key parameters.

DH algorithm related interface introduction:
- Specify the DH algorithm common parameters: DHCommonParamsSpec.
- Specify the DH algorithm private key parameters: DHPriKeySpec.
- Specify the DH algorithm public key parameters: DHPubKeySpec.
- Specify the full set of DH algorithm parameters: DHKeyPairSpec.
- Create an asymmetric key generator by specifying key parameters: createAsyKeyGeneratorBySpec.
- Create an asymmetric key generator by specifying a string with the algorithm name: createAsyKeyGenerator.

Troubleshooting Process

The bit length of the prime number p must be greater than or equal to 512 and less than or equal to 10,000.

The DH algorithm can generate keys by using string parameters or key parameters.

Solution

Scenario 1: Call the createAsyKeyGenerator interface to generate a DH key pair using DH string parameters:

```typescript
import { cryptoFramework } from '@kit.CryptoArchitectureKit'

export function getDHKeyFromStringParms() {
  try {
    // Create a generator from the 'DH_modp2048' string parameter
    let generator = cryptoFramework.createAsyKeyGenerator('DH_modp2048')
    // Generate the pair once so the public and private keys belong together
    let keyPair = generator.generateKeyPairSync()
    let pubKey = keyPair.pubKey.getEncoded().data
    let priKey = keyPair.priKey.getEncoded().data
    console.info(`getDHKeyFromStringParms success, DH public key = ${pubKey.toString()}`)
    // Printed for demonstration only; do not log private keys in real code
    console.info(`getDHKeyFromStringParms success, DH private key = ${priKey.toString()}`)
  } catch (error) {
    console.error(`getDHKeyFromStringParms failed, error = ${JSON.stringify(error)}`);
  }
}
```

Scenario 2: Generate a DH key using key parameters:

  1. Build the key public parameters, DHCommonParamsSpec, from the p, g, and l parameters.
  2. Build the DH key parameters, DHKeyPairSpec, from the private key parameters, the public key parameters, and the public parameters.
  3. Call the createAsyKeyGeneratorBySpec interface to generate a DH key pair using the DH key parameters.

```typescript
import { cryptoFramework } from '@kit.CryptoArchitectureKit'

export function getDHKeyFromParms() {
  try {
    // Common parameters: prime p, generator g, private key length l.
    // Values as given in this post. p here is only 224 bits; p must be
    // 512 to 10,000 bits (see Troubleshooting Process), so substitute real
    // group parameters and a matching sk/pk before use.
    let dHCommonParamsSpec: cryptoFramework.DHCommonParamsSpec = {
      p: BigInt('0xb70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21'),
      g: BigInt('0xbd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34'),
      l: 192,
      algName: 'DH',
      specType: cryptoFramework.AsyKeySpecType.COMMON_PARAMS_SPEC
    };

    // Full key pair parameters: private key sk, public key pk, common parameters.
    // A real private key must not be hard-coded in source.
    let dHKeyPairSpec: cryptoFramework.DHKeyPairSpec = {
      sk: BigInt('0xfffffffffffffffffffffffffffffffefffffffffffffffffffffffe'),
      pk: BigInt('0xb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4'),
      params: dHCommonParamsSpec, // the variable above, not the type name
      algName: 'DH',
      specType: cryptoFramework.AsyKeySpecType.KEY_PAIR_SPEC
    }

    // Pass the spec object (not the type) and generate the pair once
    let generator = cryptoFramework.createAsyKeyGeneratorBySpec(dHKeyPairSpec)
    let keyPair = generator.generateKeyPairSync()
    let pubKey = keyPair.pubKey.getEncoded().data
    let priKey = keyPair.priKey.getEncoded().data
    console.info(`getDHKeyFromParms success, DH public key = ${pubKey.toString()}`)
    // Printed for demonstration only; do not log private keys in real code
    console.info(`getDHKeyFromParms success, DH private key = ${priKey.toString()}`)
  } catch (error) {
    console.error(`getDHKeyFromParms failed, error = ${JSON.stringify(error)}`);
  }
}
```
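
The p bit-length rule from the Troubleshooting Process section can be checked before a key pair spec ever reaches createAsyKeyGeneratorBySpec. The following is an added example, not code from the original article or from HarmonyOS: it is plain TypeScript with hypothetical `DhCommon` / `DhKeyPair` interfaces and a hypothetical `checkDhKeyPairSpec` helper, it assumes l is the private key length in bits, and it runs on the Scenario 2 values from this page plus a constructed toy spec.

```typescript
// Added example, plain TypeScript with no HarmonyOS imports. The interfaces are
// hypothetical and mirror only the p, g, l, sk and pk fields used on this page.
interface DhCommon { p: bigint; g: bigint; l: number }
interface DhKeyPair { params: DhCommon; sk: bigint; pk: bigint }

const ZERO = BigInt(0), ONE = BigInt(1), TWO = BigInt(2);
const bitLength = (n: bigint): number => n.toString(2).length;

// Square-and-multiply base^exp mod m. Not constant-time: fine for checking
// parameters, not for operating on a live secret.
function modPow(base: bigint, exp: bigint, m: bigint): bigint {
  let result = ONE, b = base % m, e = exp;
  while (e > ZERO) {
    if ((e & ONE) === ONE) result = (result * b) % m;
    b = (b * b) % m;
    e >>= ONE;
  }
  return result;
}

// Returns the problems found; an empty list means every check passed.
// Assumption: l is the private-key length in bits. Primality of p is not tested.
function checkDhKeyPairSpec(spec: DhKeyPair): string[] {
  const { p, g, l } = spec.params;
  const out: string[] = [];
  const bits = bitLength(p);
  if (bits < 512 || bits > 10000) out.push(`p is ${bits} bits, outside 512..10000`);
  if (g < TWO || g > p - TWO) out.push('g is outside [2, p-2]');
  if (spec.sk < ONE || spec.sk > p - TWO) out.push('sk is outside [1, p-2]');
  if (bitLength(spec.sk) > l) out.push(`sk is longer than l = ${l} bits`);
  if (spec.pk < TWO || spec.pk > p - TWO) out.push('pk is outside [2, p-2]');
  if (modPow(g, spec.sk, p) !== spec.pk) out.push('pk does not equal g^sk mod p');
  return out;
}

// The values from the page's Scenario 2 listing.
const PAGE_SPEC: DhKeyPair = {
  params: {
    p: BigInt('0xb70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21'),
    g: BigInt('0xbd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34'),
    l: 192,
  },
  sk: BigInt('0xfffffffffffffffffffffffffffffffefffffffffffffffffffffffe'),
  pk: BigInt('0xb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4'),
};
// Constructed toy spec (p = 2^521 - 1, tiny sk) that only exercises the checks.
const TOY_SPEC: DhKeyPair = {
  params: { p: (ONE << BigInt(521)) - ONE, g: TWO, l: 192 }, sk: BigInt(5), pk: BigInt(32),
};
console.log(checkDhKeyPairSpec(PAGE_SPEC), checkDhKeyPairSpec(TOY_SPEC));
```

The page's sample p is 224 bits, so the first problem reported for `PAGE_SPEC` is the bit-length violation; the toy spec passes only because its sk was picked small enough to verify by eye, and it is not a group to deploy.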

Written by Mucahid Kincir
