CodeProject: Diffie-Hellman Key Exchange Example. Free source code and programming help

Report Article

Discuss

Send to a friend

20 votes for this Article.

Popularity: 4.42 Rating: 3.40 out of 5

Introduction

It's often required that a message be encrypted between two parties for secure communication. There are plenty of algorithms out there for encryption that are very secure, but their weakness lies in transporting the encryption key. The Diffie-Hellman key exchange protocol allows people to exchange keys in a manner that does not allow an eavesdropper to calculate the key in a fast manner.

This code demonstrates the use of this type of key exchange.

How to Use the Demo Project

To demonstrate the use of the key exchange, run two copies of the demo application. Set one to be the sender and the other to be a receiver.

The sender should generate the public keys, and the sender's interim key. Paste these values into the appropriate text boxes in the receiver application. The receiver should then click to generate his interim key, and copy this key into the "receiver's interim key" text box on the sender application. Both applications should then be able to generate the same key by clicking "Generate Key".

Using the Source Code

The DRMCrypto class is simple to use and should be integrated in the following manner:

Make an instance of the class - (i.e. CDrmCrypto *DH = new CDrmCrypto;)

The sender application then does the following:

__int64 n = 0;
__int64 g = 0;
__int64 SInterim = 0;
__int64 RInterim = 0;
__int64 key = 0; 

DH->CreateKeys(g,n);
DH->CreateSenderInterKey(SInterim);

//The sender now sends (n, g, and SInterim) to the receiving application


//This can be done unencrypted because they are public keys

//Now we wait until the reciever send us their interim key lets say RInterim


DH->CreateSenderEncryptionKey(key,RInterim);
//The shared encryption key is now the value of 'key'

The receiving application does the following:

__int64 n = 0;
__int64 g = 0;
__int64 SInterim = 0;
__int64 RInterim = 0;
__int64 key = 0;

//Wait for the values of (n,g, and SInterim) to be sent here


DH->CreateRecipientInterKey(RInterim);

//Now send the RInterim key to the sender application


DH->CreateRecipientEncryptionKey(key,SInterim);
//The shared encryption key is now the value of 'key'

Extra Functions

There are some private member functions of the CDRMCrypto class that you may find useful, and please feel free to use them.

The GeneratePrime() function generates a large prime number.
The MillerRabin and IsItPrime functions can be used in conjunction to test primality.
The XtoYmodN is a function to raise x to the power of y in modulus n. Even though it sounds impossible for a computer to work out, say 150 million to the power of 150 million, this can be done in modulus n by using the power chaining method.

Further Help

Should you require any additional help, please do not hesitate to contact me. I would be interested in hearing your comments, suggestions and any questions.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

About the Author

Griffter UK

Occupation:	Software Developer (Senior)
Location:	United Kingdom

Other popular Cryptography & Security articles:

Understanding .NET Code Access Security
A full length article on .NET Code Access Security
Hiding a text file in a bmp file
How to hide a text file in a bmp file
.NET Encryption Simplified
A simple, string-oriented class for symmetric encryption, asymmetric encryption, and hashing.
Using XML Digital Signatures for Application Licensing
Use XML Digital Signatures for a request- and signing-based licensing mechanism for your applications.
Strong Names Explained
.NET Strong Name technology explained

Article Top

You must Sign In to use this message board.

Msgs 1 to 25 of 44 (Total in Forum: 44) (Refresh)

FirstPrevNext

Subject

Author

Date

Compile on linux

Filipe Niero Felisbino

9:33 2 Jun '08

Hello. First of all congratulations...

I've successfully compiled that sources on linux by making the following changes:

in DrmCrypto.h line 62:

typedef int64_t __int64;

In the DrmCrypto.cpp method __int64 CDrmCrypto::GetRTSC( void ) I've changed to:


__int64 CDrmCrypto::GetRTSC( void )
{
#ifdef _WIN32	
	int tmp1 = 0;
	int tmp2 = 0;
	__asm
	{		RDTSC;			// Clock cycles since CPU started
		mov tmp1, eax;
		mov tmp2, edx;
	}
	return ((__int64)tmp1 * (__int64)tmp2);
#else
	__int64 result;
	asm ("RDTSC" : "=A" (result));
	return result;
#endif
}

That's all... Smile

Re: Compile on linux

MrLeeGriffiths

0:21 3 Jun '08

Excellent - thanks for that Filipe!
Sign In·View Thread·PermaLink

Problem compiling

wygno2

18:58 9 Apr '07

When I try to build, it displays the LNK6004 error. Can someone tell me how to solve it?
Sign In·View Thread·PermaLink

Re: Problem compiling

MrLeeGriffiths

23:51 9 Apr '07

Hi Wygno, Can you elaborate a bit further? What operating system and what compiler are you using? Also what is the full description of the link error/ Thanks.
Sign In·View Thread·PermaLink	1.00/5 (1 vote)

Enquiry

wygno2

1:46 8 Apr '07

Hi, I'm a beginner and I'm wondering what DRMCrypto class is? Could you be kind enough to provide a bit of explanation? Thanks
Sign In·View Thread·PermaLink

Re: Enquiry

MrLeeGriffiths

23:49 9 Apr '07

Hi wygno, the DRMCrypto class is something I wrote to demonstrate the use of the Diffie Hellman Key Exchange protocol. It isn't a Windows API. Thanks.
Sign In·View Thread·PermaLink

Diffie Hellman Key exchange

Naeem Qazi

10:44 21 Nov '06

Hello My concept on diffie key exchange is not clear. If any one has diffie hellman code. Please send me simple diffie hellman code. I really need it? Regards Muhammad Naeem Naeem Qazi
Sign In·View Thread·PermaLink	2.50/5 (2 votes)

Re: Diffie Hellman Key exchange

Garth J Lancaster

11:23 21 Nov '06

this might explain it a bit better (from a post further down the page) http://www.codeproject.com/cpp/DiffieHellmanExample.asp?msg=1769062#xx1769062xx[^]

as for simple ? there's easy to use, there's a good implementation or a bad implementation of an algorithm, but simple ? would you trust a 'simple' encryption algorithm .. I hope not

Modified - you might also want to google for Wei Dai's Crypto++ or CryptLib from Peter Guttman, or LibTomCrypt - all good libraries implementing algorithms in different ways - but simple ?? I think not

'g'

3.00/5 (2 votes)

Re: Diffie Hellman Key exchange

Naeem Qazi

0:29 22 Nov '06

Hello Thank you very much for reply. Actually by simple I mean that I dont need its GUI coding. I need the diffie hellman key exchange coding but without the use of libraries. I m mean to not use the libraries for it. Regards Muhammad Naeem Naeem Qazi
Sign In·View Thread·PermaLink	1.00/5 (1 vote)

Re: Diffie Hellman Key exchange

Hashbullet

2:09 30 Mar '07

Make clear about the concept: http://www.securitydocs.com/library/2978
Sign In·View Thread·PermaLink

Diffie Hellman Key exchange

gokikrishnan

3:45 26 Apr '07

I know the concept of Diffie Hellman Key Exchange. But i am badly in need of Diffie Hellman key exchange program written in java. If anybody finds it kindly provide me the program as early as possible. Its very urgent. thank you one and all Gokulakrishnan
Sign In·View Thread·PermaLink	2.00/5 (2 votes)

GUID problem FIXED

MrLeeGriffiths

7:23 6 Jul '06

Hi All, I have now modified the class so that it does not use the GUID structure or the Windows API (CoCreateGuid). I have requested the download to be updated, but in the meantime if you reply to this message with your email address I can send you the latest version. Thanks. Lee
Sign In·View Thread·PermaLink

Re: GUID problem FIXED

qaziejaz

23:36 8 Oct '07

Please send me the code of Deffie Hellman algorithm to the email address i.e. qaziejaz@hotmail.com, please send me the code as soon as possible, I am doing my research work and in my research I need the said code. thank's Qazi Ejaz 31081979
Sign In·View Thread·PermaLink

Magetting errors coz of GUID

virgo_aquarian

16:44 14 Oct '05

I have to implement IPSEC n using omnet with .net to code it.... I find ur example very helpful... It is very easy to understand even for me when i dont know the details of the Diffie Helliman key exchange algorithm......

The compiler for ipv6suitewithinet (based on omnet n vc.net) doesnt support to resolve GUID u use in ur example....... It is giving me the Linking error to the external symbol to the function CoCreate()..... Can u plz help me... if i need to include certain file for it???? or is there any alternative i can use????

thanks a lot in advance...

Regards,
Maria

DH 1024 bits

Y G

11:39 14 Sep '05

Would it be possible for you to support 1024 bit keys ?
Sign In·View Thread·PermaLink	2.25/5 (3 votes)

Re: DH 1024 bits

Hashbullet

2:07 30 Mar '07

ya..it is..but you have to create a library file to support big numbers.
Sign In·View Thread·PermaLink

Limitations?

gthakral

10:54 10 Aug '05

Hye Lee Your project is very interesting. I have a questions. I wanted to ask you what is/are the limitation in your project. I am waiting for your response, Thanks Garima Thakral
Sign In·View Thread·PermaLink

Re: Limitations?

MrLeeGriffiths

23:17 10 Aug '05

Hi Garima,

The only limitation to this current project is that the ephemeral and exchange keys are limited to the size of an __int64 (e.g. 64-bit keys).

If you look under the post/reply to this article (below this one) - you should see Runtime Optimization - in my relpy you will see the best way to use Diffie-Hellman key exchange is by using the Microsoft Crypto API functions.

If you do want to use my code instead though, feel free to do so Smile

(like I said only limitiation is 64-bit keys)

Best Regards,

Lee Griffiths

runtime optimization

haneen

6:55 28 Jul '05

first of it's a very nice code you got there I've noticed you have a define for maximum number, so i tried to change it to a larger number and the algorithm became extremely slow, so i haven't been able to get a 64 bit prime number, to be able to use in DES for example.. any suggestions??? H.A.
Sign In·View Thread·PermaLink

Re: Generating Primes, DES and a whole lot more!

MrLeeGriffiths

5:12 29 Jul '05

First off, the best way to use Diffie Hellman should be to use tried and tested API's
[Microsoft Cryptographic Libraries for Diffie-Hellman]

You can use the Microsoft Cryptographic Service Providers to achieve a lot of your cryptography needs. Lookup CryptAcquireContext and go from there - everything from RSA to DES to Diffie-Hellman and so on. I've included an example here of how to generate a prime using the Microsoft CryptoAPI. At first glance the prime doesn't always seem to look prime because it's last byte is an even number. However please note that the BYTE array contains octects!

To use the GeneratePrime function shown below, include and then something like:

	BYTE *prime     = NULL;
	DWORD primesize = 0;

	GeneratePrime(&prime, &primesize);

Here is the GeneratePrime function (using RSA).

BOOL GeneratePrime(BYTE **prime, DWORD *cbPrime) 
{
	HCRYPTPROV	 hCryptProv				= NULL;
	HCRYPTHASH	 hHash					= NULL;
	BOOL		 AcquiredContext		= FALSE;
	BOOL		 AcquiredPrime			= FALSE;

	//Attempt to acquire a cryptographic context
	if(CryptAcquireContext(&hCryptProv,	NULL, NULL, PROV_RSA_FULL, 0)== FALSE)
	{
		//No context established for this machine, create new key set
		if(GetLastError() == NTE_BAD_KEYSET)
			AcquiredContext = CryptAcquireContext(&hCryptProv,	NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET);
	}
	else
		AcquiredContext = TRUE;
	
	//Context Acquired lets Generate a key
	if (AcquiredContext==TRUE)
	{
		HCRYPTKEY hEncryptionKey = NULL;
		
		//Generate a 512-bit key
		BOOL  bGenEncKey = CryptGenKey(hCryptProv, CALG_RSA_KEYX, (512 << 16) | CRYPT_EXPORTABLE, &hEncryptionKey);
		if (bGenEncKey)
		{			
			//Get the size of the key blob
			DWORD KeyLength = 0;
			if (CryptExportKey(hEncryptionKey, NULL, PRIVATEKEYBLOB ,0, NULL, &KeyLength)==TRUE)
			{
				if (KeyLength>0)
				{
					//Allocate a key blob
					BYTE *PrivateKeyBlob = (BYTE *) malloc((size_t)KeyLength);
					if (PrivateKeyBlob)
					{
						//Export the blob
						if (CryptExportKey(hEncryptionKey, NULL, PRIVATEKEYBLOB ,0, PrivateKeyBlob, &KeyLength)==TRUE)
						{
							PUBLICKEYSTRUC pks    = {0};
							RSAPUBKEY      rsapub = {0};

							//Get the Public Key and RSA information
							memcpy(&pks,    PrivateKeyBlob, sizeof(PUBLICKEYSTRUC));
							memcpy(&rsapub, PrivateKeyBlob + sizeof(PUBLICKEYSTRUC), sizeof(RSAPUBKEY));

							//Calculate the size and offset of the prime numbers
							DWORD KeySizeBytes = rsapub.bitlen / 16;
							DWORD ModSizeBytes = rsapub.bitlen / 8;
							DWORD OffsetPrimeP = sizeof(PUBLICKEYSTRUC) +  sizeof(RSAPUBKEY) + ModSizeBytes;
							DWORD OffsetPrimeQ = sizeof(PUBLICKEYSTRUC) +  sizeof(RSAPUBKEY) + ModSizeBytes + KeySizeBytes;

							//Allocate sufficient memory to hold the primes
							*prime = (BYTE *) malloc((size_t) KeySizeBytes);
												
							if (*prime)
							{
								//Copy the prime from the key blob
								*cbPrime = KeySizeBytes;
                                memcpy(*prime, PrivateKeyBlob + OffsetPrimeP, KeySizeBytes);
								AcquiredPrime = TRUE;								
							}
						}
					}
				}
			}

			CryptDestroyKey(hEncryptionKey);
		}

		CryptReleaseContext(hCryptProv, 0);
	}

	return AcquiredPrime;
	
}

Anyway hope this helps. If you look at the CryptoAPI by Microsoft you will see that encrypting with DES is simple! It also supports many other encryption algorithms along with hashing Algorithms, Public-Private Key and Signature algorithms - it's a very powerful library indeed.

If you need any more help, let me know.

Best Regards,

Lee

Re: Generating Primes, DES and a whole lot more!

noooomen

11:57 31 Oct '06

I've tested your implementation of GeneratePrime function and I found out that it doesn't generate a 512-bit key, it always returns 256bit key ! KeySizeBytes was always set to 32. If I change the code to: ... //Generate a 512-bit key BOOL bGenEncKey = CryptGenKey(hCryptProv, CALG_RSA_KEYX, (1024 << 16) \| CRYPT_EXPORTABLE, &hEncryptionKey); ... it returns a 512bit key. Any idea why? Thanks
Sign In·View Thread·PermaLink

public key cryptography

Anonymous

10:21 16 Apr '05

how can i use that without need key exchange?
Sign In·View Thread·PermaLink	2.00/5 (1 vote)

Re: public key cryptography

MrLeeGriffiths

22:57 17 Apr '05

I'm not sure I quite understand your question? The whole point of the article was to describe a way to EXCHANGE ENCRYPTION KEYS between two parties. If you're just looking for encryption/decryption algorithms I'm sure there are plenty here on CodeProject! All the best!
Sign In·View Thread·PermaLink

question

Omar manama

12:40 6 Apr '05

I want code C++ for encryption and dencrypttion please
Sign In·View Thread·PermaLink	5.00/5 (2 votes)

Help required regarding IKE

dendude

20:58 21 Nov '04

The Diffie-Hellman algo implementation was quite useful. I'm doing some study in IKE which uses the Diffie-Hellman algo. I'm looking for a sample implementation of IKE. Any help? or any links? Thanks
Sign In·View Thread·PermaLink

Last Visit: Friday, August 29, 2008 12:52 PM Last Update:Friday, August 29, 2008 12:52 PM

1 Next »

General News Question Answer Joke Rant Admin