Skip to content

Easily generate a single or multi-round Diffie-Hellman key.

License

Notifications You must be signed in to change notification settings

NTDLS/NTDLS.SecureKeyExchange

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

29 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

NTDLS.SecureKeyExchange

📦 Be sure to check out the NuGet package: https://www.nuget.org/packages/NTDLS.SecureKeyExchange

Easily generate a single or multi-round Diffie-Hellman key C#.

Scenario (use your imagination):

  • localHost is a local service.
  • remotePeer is a remote peer.
//localHost starts the process with a call to GenerateNegotiationToken(),
//  specifying the size of the key (which is actually n*16).
var localHost = new CompoundNegotiator();
byte[] negotiationToken = localHost.GenerateNegotiationToken(8);

//localHost passes the resulting bytes from GenerateNegotiationToken()
//  to a remote peer which passes the bytes to ApplyNegotiationToken().
var remotePeer = new CompoundNegotiator();
byte[] negotiationReply = remotePeer.ApplyNegotiationToken(negotiationToken);

//The remotePeer passes the bytes from ApplyNegotiationToken() back to the 
//  localHost, where the localHost passes them to ApplyNegotiationResponseToken()
localHost.ApplyNegotiationResponseToken(negotiationReply);

//At this point, both the localHost and the remotePeer have the same bytes in
//  "SharedSecret" as we can see from comparing the "SharedSecretHash".
if (remotePeer.SharedSecretHash != localHost.SharedSecretHash)
{
    throw new Exception("This should never happen.");
}

Console.WriteLine($"Key length: {localHost.KeyLength} bytes.");
Console.WriteLine($" Local Shared Secret: {localHost.SharedSecretHash}");
Console.WriteLine($"Remote Shared Secret: {remotePeer.SharedSecretHash}");

License

[Apache-2.0](https://choosealicense.com/licenses/mit/)