Objective-C
Objective-C
How to Generate an Elliptic Curve Shared Secret
See more ECC Examples
Demonstrates how to generate an ECC (Elliptic Curve Cryptography) shared secret. Imagine a cilent has one ECC private key, the server has another. A shared secret is computed by each side providing it's public key to the other. The private keys are kept private.Chilkat Objective-C Downloads
#import <CkoPrng.h>
#import <CkoEcc.h>
#import <CkoPrivateKey.h>
#import <CkoPublicKey.h>
#import <NSString.h>
BOOL success = NO;
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// This example includes both client-side and server-side code.
// Each code segment is marked as client-side or server-side.
// Imagine these segments are running on separate computers...
// -----------------------------------------------------------------
// (Client-Side) Generate an ECC key, save the public part to a file.
// -----------------------------------------------------------------
CkoPrng *prngClient = [[CkoPrng alloc] init];
CkoEcc *eccClient = [[CkoEcc alloc] init];
CkoPrivateKey *privKeyClient = [[CkoPrivateKey alloc] init];
success = [eccClient GenKey: @"secp256r1" prng: prngClient privKey: privKeyClient];
if (success == NO) {
NSLog(@"%@",eccClient.LastErrorText);
return;
}
CkoPublicKey *pubKeyClient = [[CkoPublicKey alloc] init];
[privKeyClient ToPublicKey: pubKeyClient];
[pubKeyClient SavePemFile: NO path: @"qa_output/eccClientPub.pem"];
// -----------------------------------------------------------------
// (Server-Side) Generate an ECC key, save the public part to a file.
// -----------------------------------------------------------------
CkoPrng *prngServer = [[CkoPrng alloc] init];
CkoEcc *eccServer = [[CkoEcc alloc] init];
CkoPrivateKey *privKeyServer = [[CkoPrivateKey alloc] init];
[eccServer GenKey: @"secp256r1" prng: prngServer privKey: privKeyServer];
CkoPublicKey *pubKeyServer = [[CkoPublicKey alloc] init];
[privKeyServer ToPublicKey: pubKeyServer];
[pubKeyServer SavePemFile: NO path: @"qa_output/eccServerPub.pem"];
// -----------------------------------------------------------------
// (Client-Side) Generate the shared secret using our private key, and the other's public key.
// -----------------------------------------------------------------
// Imagine that the server sent the public key PEM to the client.
// (This is simulated by loading the server's public key from the file.
CkoPublicKey *pubKeyFromServer = [[CkoPublicKey alloc] init];
[pubKeyFromServer LoadFromFile: @"qa_output/eccServerPub.pem"];
NSString *sharedSecret1 = [eccClient SharedSecretENC: privKeyClient pubKey: pubKeyFromServer encoding: @"base64"];
// -----------------------------------------------------------------
// (Server-Side) Generate the shared secret using our private key, and the other's public key.
// -----------------------------------------------------------------
// Imagine that the client sent the public key PEM to the server.
// (This is simulated by loading the client's public key from the file.
CkoPublicKey *pubKeyFromClient = [[CkoPublicKey alloc] init];
[pubKeyFromClient LoadFromFile: @"qa_output/eccClientPub.pem"];
NSString *sharedSecret2 = [eccServer SharedSecretENC: privKeyServer pubKey: pubKeyFromClient encoding: @"base64"];
// ---------------------------------------------------------
// Examine the shared secrets. They should be the same.
// Both sides now have a secret that only they know.
// ---------------------------------------------------------
NSLog(@"%@",sharedSecret1);
NSLog(@"%@",sharedSecret2);