Page 30 - HRM-00-v1
P. 30
SECURITY
Cyber Security - Encryption Key Exchanges
In ECDH, elliptical curve points provide the public and private en- cryption keys, and predefined values include N and g for an agreed- to curve. Both parties create private and public keys, exchange public
keys, and multiply their private key by the other’s public key to derive the shared secret key—see the following code:
function get_bob_pub() {
var ifrm = document.getElementById(“ecdhServer”); document.ecdhtest.bob_pub_x.value = ifrm.contentWindow.bobPubX; document.ecdhtest.bob_pub_y.value = ifrm.contentWindow.bobPubY; var before = new Date();
var curve = get_curve();
var alicePubX = document.ecdhtest.alice_pub_x.value; var alicePubY = document.ecdhtest.alice_pub_y.value; var P = new ECPointFp(curve,
curve.fromBigInteger(new BigInteger(document.ecdhtest.bob_pub_x.value)),
curve.fromBigInteger(new BigInteger(document.ecdhtest.bob_pub_y.value))); var a = new BigInteger(document.ecdhtest.alice_priv.value);
var S = P.multiply(a);
var after = new Date();
document.ecdhtest.alice_key_x.value = S.getX().toBigInteger().toString(); document.ecdhtest.alice_key_y.value = S.getY().toBigInteger().toString(); if (name == “”) name = “secp192r1”;
}
//-->
</script> </head>
<body onload=«do_init();”>
The foregoing code gets Bob’s values and computes Alice’s shared se- cret key. With compact representation, the x-coordinate of the derived point on the curve is the shared secret, and authentication data (“ada- ta”) can also be added. The encoded text block returned might look like this:
{
“iv”:”HV9Xro6SvCgq17ReXAsn4Q==”,
“v”:1,
“iter”:1000,
“ks”:256,
“ts”:128,
“mode”:”ccm”,
“adata”:”authorization data”, “cipher”:”aes”,
“salt”:”ObpiMz7YLFw=”, “ct”:”p5/DJ8yRQPHOrnEUu6d4o1Q9JTKSNzrWgy8KO6MGIDy”
}
The initialization Vector is “iv”, version number is “v”, “iter” is a pass- word-strengthening factor, key size in bits is “ks”, authentication tag size in bits is “ts”, “mode” is the cipher mode, “adata” is the authentica- tion data string—can be a timestamp to limit multiple login tries. The algorithm used for encryption is “cipher”, “salt” is the password Salt, and “ct” is the encrypted ciphertext that’s sent between the two parties exchanging messages.
CONCLUSION
Using Elliptical Curve Diffie-Hellman (ECDH) to exchange encryp- tion keys provides greatly improved key security. Combined with 256-bit AES encryption 4 of message content, much greater security is achieved than was possible in the past 5.
At http://web2ria.com/#95 6, and http://bitwiseshiftleft.github.io/ sjcl/demo/ 7 are the two ECDH examples (key exchange and the full encryption demo). See https://www.garykessler.net/library/crypto. html#dhmath 8 for a longer article. The example pages at Web2RIA and Github use client-side data exchanges, but both PHP and C# serv- er-side languages have Diffie-Hellman functions, and AJAX can be used for browser-server data exchanges. è hello@humanreadablemag.com
ARTICLE LINKS
In ECDH, elliptical curve points provide the public and private encryption keys, and predefined values include N and g for an agreed-to curve.
1. https://hrm.link/symmetricencryption
2. https://hrm.link/IETF
3. https://hrm.link/AES
4. https://hrm.link/AES-encryption
5. https://hrm.link/greater-security
6. https://hrm.link/HumanReadableMa
7. https://hrm.link/HumanReadableMa
8. https://hrm.link/HumanReadableMa
September 2019
| 30
