Sample code for 30+ languages & platforms
PureBasic

How to Generate an Elliptic Curve Shared Secret

See more ECC Examples

Demonstrates how to generate an ECC (Elliptic Curve Cryptography) shared secret. Imagine a cilent has one ECC private key, the server has another. A shared secret is computed by each side providing it's public key to the other. The private keys are kept private.

Chilkat PureBasic Downloads

PureBasic
IncludeFile "CkPublicKey.pb"
IncludeFile "CkEcc.pb"
IncludeFile "CkPrng.pb"
IncludeFile "CkPrivateKey.pb"

Procedure ChilkatExample()

    success.i = 0

    ; This example requires the Chilkat API to have been previously unlocked.
    ; See Global Unlock Sample for sample code.

    ; This example includes both client-side and server-side code.
    ; Each code segment is marked as client-side or server-side.
    ; Imagine these segments are running on separate computers...

    ; -----------------------------------------------------------------
    ; (Client-Side) Generate an ECC key, save the public part to a file.
    ; -----------------------------------------------------------------
    prngClient.i = CkPrng::ckCreate()
    If prngClient.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    eccClient.i = CkEcc::ckCreate()
    If eccClient.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    privKeyClient.i = CkPrivateKey::ckCreate()
    If privKeyClient.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkEcc::ckGenKey(eccClient,"secp256r1",prngClient,privKeyClient)
    If success = 0
        Debug CkEcc::ckLastErrorText(eccClient)
        CkPrng::ckDispose(prngClient)
        CkEcc::ckDispose(eccClient)
        CkPrivateKey::ckDispose(privKeyClient)
        ProcedureReturn
    EndIf

    pubKeyClient.i = CkPublicKey::ckCreate()
    If pubKeyClient.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    CkPrivateKey::ckToPublicKey(privKeyClient,pubKeyClient)
    CkPublicKey::ckSavePemFile(pubKeyClient,0,"qa_output/eccClientPub.pem")

    ; -----------------------------------------------------------------
    ; (Server-Side) Generate an ECC key, save the public part to a file.
    ; -----------------------------------------------------------------
    prngServer.i = CkPrng::ckCreate()
    If prngServer.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    eccServer.i = CkEcc::ckCreate()
    If eccServer.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    privKeyServer.i = CkPrivateKey::ckCreate()
    If privKeyServer.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    CkEcc::ckGenKey(eccServer,"secp256r1",prngServer,privKeyServer)

    pubKeyServer.i = CkPublicKey::ckCreate()
    If pubKeyServer.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    CkPrivateKey::ckToPublicKey(privKeyServer,pubKeyServer)
    CkPublicKey::ckSavePemFile(pubKeyServer,0,"qa_output/eccServerPub.pem")

    ; -----------------------------------------------------------------
    ; (Client-Side) Generate the shared secret using our private key, and the other's public key.
    ; -----------------------------------------------------------------

    ; Imagine that the server sent the public key PEM to the client.
    ; (This is simulated by loading the server's public key from the file.
    pubKeyFromServer.i = CkPublicKey::ckCreate()
    If pubKeyFromServer.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    CkPublicKey::ckLoadFromFile(pubKeyFromServer,"qa_output/eccServerPub.pem")
    sharedSecret1.s = CkEcc::ckSharedSecretENC(eccClient,privKeyClient,pubKeyFromServer,"base64")

    ; -----------------------------------------------------------------
    ; (Server-Side) Generate the shared secret using our private key, and the other's public key.
    ; -----------------------------------------------------------------

    ; Imagine that the client sent the public key PEM to the server.
    ; (This is simulated by loading the client's public key from the file.
    pubKeyFromClient.i = CkPublicKey::ckCreate()
    If pubKeyFromClient.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    CkPublicKey::ckLoadFromFile(pubKeyFromClient,"qa_output/eccClientPub.pem")
    sharedSecret2.s = CkEcc::ckSharedSecretENC(eccServer,privKeyServer,pubKeyFromClient,"base64")

    ; ---------------------------------------------------------
    ; Examine the shared secrets.  They should be the same.
    ; Both sides now have a secret that only they know.
    ; ---------------------------------------------------------
    Debug sharedSecret1
    Debug sharedSecret2


    CkPrng::ckDispose(prngClient)
    CkEcc::ckDispose(eccClient)
    CkPrivateKey::ckDispose(privKeyClient)
    CkPublicKey::ckDispose(pubKeyClient)
    CkPrng::ckDispose(prngServer)
    CkEcc::ckDispose(eccServer)
    CkPrivateKey::ckDispose(privKeyServer)
    CkPublicKey::ckDispose(pubKeyServer)
    CkPublicKey::ckDispose(pubKeyFromServer)
    CkPublicKey::ckDispose(pubKeyFromClient)


    ProcedureReturn
EndProcedure