Chilkat Examples

ChilkatHOME.NET Core C#Android™AutoItCC#C++Chilkat2-PythonCkPythonClassic ASPDataFlexDelphi ActiveXDelphi DLLGoJavaLianjaMono C#Node.jsObjective-CPHP ActiveXPHP ExtensionPerlPowerBuilderPowerShellPureBasicRubySQL ServerSwift 2Swift 3,4,5...TclUnicode CUnicode C++VB.NETVBScriptVisual Basic 6.0Visual FoxProXojo Plugin

DataFlex Examples

Web API Categories

ASN.1
AWS KMS
AWS Misc
Amazon EC2
Amazon Glacier
Amazon S3
Amazon S3 (new)
Amazon SES
Amazon SNS
Amazon SQS
Async
Azure Cloud Storage
Azure Key Vault
Azure Service Bus
Azure Table Service
Base64
Bounced Email
Box
CAdES
CSR
CSV
Certificates
Cloud Signature CSC
Code Signing
Compression
DKIM / DomainKey
DNS
DSA
Diffie-Hellman
Digital Signatures
Dropbox
Dynamics CRM
EBICS
ECC
Ed25519
Email Object
Encryption
FTP
FileAccess
Firebase
GMail REST API
GMail SMTP/IMAP/POP
Geolocation
Google APIs
Google Calendar
Google Cloud SQL
Google Cloud Storage
Google Drive
Google Photos
Google Sheets
Google Tasks
Gzip
HTML-to-XML/Text
HTTP

HTTP Misc
IMAP
JSON
JSON Web Encryption (JWE)
JSON Web Signatures (JWS)
JSON Web Token (JWT)
Java KeyStore (JKS)
MHT / HTML Email
MIME
MS Storage Providers
Microsoft Graph
Misc
NTLM
OAuth1
OAuth2
OIDC
Office365
OneDrive
OpenSSL
Outlook
Outlook Calendar
Outlook Contact
PDF Signatures
PEM
PFX/P12
PKCS11
POP3
PRNG
REST
REST Misc
RSA
SCP
SCard
SFTP
SMTP
SSH
SSH Key
SSH Tunnel
ScMinidriver
SharePoint
SharePoint Online
Signing in the Cloud
Socket/SSL/TLS
Spider
Stream
Tar Archive
ULID/UUID
Upload
WebSocket
XAdES
XML
XML Digital Signatures
XMP
Zip
curl
uncategorized

 

 

 

(DataFlex) Diffie-Hellman Key Exchange (DH)

Diffie-Hellman key exchange (DH) is a cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key.

This example demonstrates how two parties (Alice and Bob) can compute an N-bit shared secret key without the key ever being transmitted.

Chilkat ActiveX Downloads

ActiveX for 32-bit and 64-bit Windows

Use ChilkatAx-win32.pkg

Procedure Test
    Handle hoDhBob
    Handle hoDhAlice
    String p
    Integer g
    Boolean iSuccess
    String sEBob
    String sEAlice
    String sKBob
    String sKAlice
    Handle hoCrypt
    String sSessionKey
    String sIv
    String sCipherText64
    String sPlainText

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // Create two separate instances of the DH object.
    Get Create (RefClass(cComChilkatDh)) To hoDhBob
    If (Not(IsComObjectCreated(hoDhBob))) Begin
        Send CreateComObject of hoDhBob
    End
    Get Create (RefClass(cComChilkatDh)) To hoDhAlice
    If (Not(IsComObjectCreated(hoDhAlice))) Begin
        Send CreateComObject of hoDhAlice
    End

    // The DH algorithm begins with a large prime, P, and a generator, G.  
    // These don't have to be secret, and they may be transmitted over an insecure channel.  
    // The generator is a small integer and typically has the value 2 or 5.

    // The Chilkat DH component provides the ability to use known
    // "safe" primes, as well as a method to generate new safe primes.

    // This example will use a known safe prime.  Generating
    // new safe primes is a time-consuming CPU intensive task
    // and is normally done offline.

    // Bob will choose to use the 2nd of our 8 pre-chosen safe primes.  
    // It is the Prime for the 2nd Oakley Group (RFC 2409) -- 
    // 1024-bit MODP Group.  Generator is 2. 
    // The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }
    Send ComUseKnownPrime To hoDhBob 2

    // The computed shared secret will be equal to the size of the prime (in bits).
    // In this case the prime is 1024 bits, so the shared secret will be 128 bytes (128 * 8 = 1024).
    // However, the result is returned as an SSH1-encoded bignum in hex string format.
    // The SSH1-encoding prepends a 2-byte count, so the result is going  to be 2 bytes
    // longer: 130 bytes.  This results in a hex string that is 260 characters long (two chars
    // per byte for the hex encoding).

    // Bob will now send P and G to Alice.
    Get ComP Of hoDhBob To p
    Get ComG Of hoDhBob To g

    // Alice calls SetPG to set P and G.  SetPG checks
    // the values to make sure it's a safe prime and will
    // return False if not.
    Get ComSetPG Of hoDhAlice p g To iSuccess
    If (iSuccess <> True) Begin
        Showln "P is not a safe prime"
        Procedure_Return
    End

    // Each side begins by generating an "E"
    // value.  The CreateE method has one argument: numBits.
    // It should be set to twice the size of the number of bits
    // in the session key.

    // Let's say we want to generate a 128-bit session key
    // for AES encryption.  The shared secret generated by the Diffie-Hellman
    // algorithm will be longer, so we'll hash the result to arrive at the
    // desired session key length.  However, the length of the session
    // key we'll utlimately produce determines the value that should be
    // passed to the CreateE method.

    // In this case, we'll be creating a 128-bit session key, so pass 256 to CreateE.
    // This setting is for security purposes only -- the value
    // passed to CreateE does not change the length of the shared secret
    // that is produced by Diffie-Hellman.  
    // Also, there is no need to pass in a value larger
    // than 2 times the expected session key length.  It suffices to
    // pass exactly 2 times the session key length.

    // Bob generates a random E (which has the mathematical
    // properties required for DH).

    Get ComCreateE Of hoDhBob 256 To sEBob

    // Alice does the same:

    Get ComCreateE Of hoDhAlice 256 To sEAlice

    // The "E" values are sent over the insecure channel.
    // Bob sends his "E" to Alice, and Alice sends her "E" to Bob.

    // Each side computes the shared secret by calling FindK.
    // "K" is the shared-secret.

    // Bob computes the shared secret from Alice's "E":
    Get ComFindK Of hoDhBob sEAlice To sKBob

    // Alice computes the shared secret from Bob's "E":
    Get ComFindK Of hoDhAlice sEBob To sKAlice

    // Amazingly, kBob and kAlice are identical and the expected
    // length (260 characters).  The strings contain the hex encoded bytes of
    // our shared secret:
    Showln "Bob's shared secret:"
    Showln sKBob
    Showln "Alice's shared secret (should be equal to Bob's)"
    Showln sKAlice

    // To arrive at a 128-bit session key for AES encryption, Bob and Alice should
    // both transform the raw shared secret using a hash algorithm that produces
    // the size of session key desired.   MD5 produces a 16-byte (128-bit) result, so
    // this is a good choice for 128-bit AES.

    // To produce the session key:
    Get Create (RefClass(cComChilkatCrypt2)) To hoCrypt
    If (Not(IsComObjectCreated(hoCrypt))) Begin
        Send CreateComObject of hoCrypt
    End

    Set ComEncodingMode Of hoCrypt To "hex"
    Set ComHashAlgorithm Of hoCrypt To "md5"

    Get ComHashStringENC Of hoCrypt sKBob To sSessionKey

    Showln "128-bit Session Key:"
    Showln sSessionKey

    // Encrypt something...
    Set ComCryptAlgorithm Of hoCrypt To "aes"
    Set ComKeyLength Of hoCrypt To 128
    Set ComCipherMode Of hoCrypt To "cbc"

    // Use an IV that is the MD5 hash of the session key...

    Get ComHashStringENC Of hoCrypt sSessionKey To sIv

    // AES uses a 16-byte IV:
    Showln "Initialization Vector:"
    Showln sIv

    Send ComSetEncodedKey To hoCrypt sSessionKey "hex"
    Send ComSetEncodedIV To hoCrypt sIv "hex"

    // Encrypt some text:

    Set ComEncodingMode Of hoCrypt To "base64"
    Get ComEncryptStringENC Of hoCrypt "The quick brown fox jumps over the lazy dog" To sCipherText64
    Showln sCipherText64

    Get ComDecryptStringENC Of hoCrypt sCipherText64 To sPlainText

    Showln sPlainText


End_Procedure
 

© 2000-2024 Chilkat Software, Inc. All Rights Reserved.