Swift

How to Generate an Elliptic Curve Shared Secret


Demonstrates how to generate an ECC (Elliptic Curve Cryptography) shared secret. Imagine a client has one ECC private key, and the server has another. A shared secret is computed by each side providing its public key to the other; each side then combines its own private key with the other side's public key and arrives at the same value. The private keys are kept private.


Swift

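/// Demonstrates an ECDH-style key agreement on curve secp256r1 with Chilkat.
///
/// Both the "client" and the "server" halves run in this one function; the
/// exchange of public keys is simulated through PEM files under `qa_output/`.
/// Every Chilkat call that reports success is checked, so a failed key
/// generation, file write, or file read stops the demo instead of continuing
/// with an empty key or crashing on a nil shared secret.
///
/// Notes for real deployments (not enforced by this sample):
/// - The public keys travel over an untrusted channel here. Unless each side
///   authenticates the key it receives (for example via a certificate or a
///   signature over the key), an active attacker can substitute their own key.
/// - The raw shared secret should be fed through a key-derivation function
///   before it is used as a symmetric key, and it should never be logged.
func chilkatTest() {
    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // This example includes both client-side and server-side code.
    // Each code segment is marked as client-side or server-side.
    // Imagine these segments are running on separate computers...

    // -----------------------------------------------------------------
    // (Client-Side) Generate an ECC key, save the public part to a file.
    // -----------------------------------------------------------------
    guard let prngClient = CkoPrng(),
          let eccClient = CkoEcc(),
          let privKeyClient = CkoPrivateKey(),
          let pubKeyClient = CkoPublicKey() else {
        print("Failed to create the client-side Chilkat objects.")
        return
    }

    guard eccClient.genKey(curveName: "secp256r1", prng: prngClient, privKey: privKeyClient) else {
        print(eccClient.lastErrorText ?? "")
        return
    }

    // Only the public half is written out; the private key stays in memory.
    guard privKeyClient.toPublicKey(pubKey: pubKeyClient) else {
        print(privKeyClient.lastErrorText ?? "")
        return
    }
    guard pubKeyClient.savePemFile(preferPkcs1: false, path: "qa_output/eccClientPub.pem") else {
        print(pubKeyClient.lastErrorText ?? "")
        return
    }

    // -----------------------------------------------------------------
    // (Server-Side) Generate an ECC key, save the public part to a file.
    // -----------------------------------------------------------------
    guard let prngServer = CkoPrng(),
          let eccServer = CkoEcc(),
          let privKeyServer = CkoPrivateKey(),
          let pubKeyServer = CkoPublicKey() else {
        print("Failed to create the server-side Chilkat objects.")
        return
    }

    // The original sample ignored this result; an unchecked failure here
    // would leave the server with an unusable private key.
    guard eccServer.genKey(curveName: "secp256r1", prng: prngServer, privKey: privKeyServer) else {
        print(eccServer.lastErrorText ?? "")
        return
    }

    guard privKeyServer.toPublicKey(pubKey: pubKeyServer) else {
        print(privKeyServer.lastErrorText ?? "")
        return
    }
    guard pubKeyServer.savePemFile(preferPkcs1: false, path: "qa_output/eccServerPub.pem") else {
        print(pubKeyServer.lastErrorText ?? "")
        return
    }

    // -----------------------------------------------------------------
    // (Client-Side) Generate the shared secret using our private key, and the other's public key.
    // -----------------------------------------------------------------

    // Imagine that the server sent the public key PEM to the client.
    // (This is simulated by loading the server's public key from the file.)
    // In a real exchange the received key must be authenticated before use.
    guard let pubKeyFromServer = CkoPublicKey() else {
        print("Failed to create the public key object for the server's key.")
        return
    }
    guard pubKeyFromServer.load(fromFile: "qa_output/eccServerPub.pem") else {
        print(pubKeyFromServer.lastErrorText ?? "")
        return
    }
    guard let sharedSecret1 = eccClient.sharedSecretENC(privKey: privKeyClient, pubKey: pubKeyFromServer, encoding: "base64") else {
        print(eccClient.lastErrorText ?? "")
        return
    }

    // -----------------------------------------------------------------
    // (Server-Side) Generate the shared secret using our private key, and the other's public key.
    // -----------------------------------------------------------------

    // Imagine that the client sent the public key PEM to the server.
    // (This is simulated by loading the client's public key from the file.)
    // In a real exchange the received key must be authenticated before use.
    guard let pubKeyFromClient = CkoPublicKey() else {
        print("Failed to create the public key object for the client's key.")
        return
    }
    guard pubKeyFromClient.load(fromFile: "qa_output/eccClientPub.pem") else {
        print(pubKeyFromClient.lastErrorText ?? "")
        return
    }
    guard let sharedSecret2 = eccServer.sharedSecretENC(privKey: privKeyServer, pubKey: pubKeyFromClient, encoding: "base64") else {
        print(eccServer.lastErrorText ?? "")
        return
    }

    // ---------------------------------------------------------
    // Examine the shared secrets.  They should be the same.
    // Both sides now have a secret that only they know.
    // Printing is for demonstration only: production code should not
    // log the secret, and should derive working keys from it with a KDF.
    // ---------------------------------------------------------
    print("\(sharedSecret1)")
    print("\(sharedSecret2)")

    if sharedSecret1 != sharedSecret2 {
        print("The shared secrets do not match.")
    }

}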