Sample code for 30+ languages & platforms
Tcl

How to Generate an Elliptic Curve Shared Secret

See more ECC Examples

Demonstrates how to generate an ECC (Elliptic Curve Cryptography) shared secret. Imagine a cilent has one ECC private key, the server has another. A shared secret is computed by each side providing it's public key to the other. The private keys are kept private.

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# This example includes both client-side and server-side code.
# Each code segment is marked as client-side or server-side.
# Imagine these segments are running on separate computers...

# -----------------------------------------------------------------
# (Client-Side) Generate an ECC key, save the public part to a file.
# -----------------------------------------------------------------
set prngClient [new_CkPrng]

set eccClient [new_CkEcc]

set privKeyClient [new_CkPrivateKey]

set success [CkEcc_GenKey $eccClient "secp256r1" $prngClient $privKeyClient]
if {$success == 0} then {
    puts [CkEcc_lastErrorText $eccClient]
    delete_CkPrng $prngClient
    delete_CkEcc $eccClient
    delete_CkPrivateKey $privKeyClient
    exit
}

set pubKeyClient [new_CkPublicKey]

CkPrivateKey_ToPublicKey $privKeyClient $pubKeyClient
CkPublicKey_SavePemFile $pubKeyClient 0 "qa_output/eccClientPub.pem"

# -----------------------------------------------------------------
# (Server-Side) Generate an ECC key, save the public part to a file.
# -----------------------------------------------------------------
set prngServer [new_CkPrng]

set eccServer [new_CkEcc]

set privKeyServer [new_CkPrivateKey]

CkEcc_GenKey $eccServer "secp256r1" $prngServer $privKeyServer

set pubKeyServer [new_CkPublicKey]

CkPrivateKey_ToPublicKey $privKeyServer $pubKeyServer
CkPublicKey_SavePemFile $pubKeyServer 0 "qa_output/eccServerPub.pem"

# -----------------------------------------------------------------
# (Client-Side) Generate the shared secret using our private key, and the other's public key.
# -----------------------------------------------------------------

# Imagine that the server sent the public key PEM to the client.
# (This is simulated by loading the server's public key from the file.
set pubKeyFromServer [new_CkPublicKey]

CkPublicKey_LoadFromFile $pubKeyFromServer "qa_output/eccServerPub.pem"
set sharedSecret1 [CkEcc_sharedSecretENC $eccClient $privKeyClient $pubKeyFromServer "base64"]

# -----------------------------------------------------------------
# (Server-Side) Generate the shared secret using our private key, and the other's public key.
# -----------------------------------------------------------------

# Imagine that the client sent the public key PEM to the server.
# (This is simulated by loading the client's public key from the file.
set pubKeyFromClient [new_CkPublicKey]

CkPublicKey_LoadFromFile $pubKeyFromClient "qa_output/eccClientPub.pem"
set sharedSecret2 [CkEcc_sharedSecretENC $eccServer $privKeyServer $pubKeyFromClient "base64"]

# ---------------------------------------------------------
# Examine the shared secrets.  They should be the same.
# Both sides now have a secret that only they know.
# ---------------------------------------------------------
puts "$sharedSecret1"
puts "$sharedSecret2"

delete_CkPrng $prngClient
delete_CkEcc $eccClient
delete_CkPrivateKey $privKeyClient
delete_CkPublicKey $pubKeyClient
delete_CkPrng $prngServer
delete_CkEcc $eccServer
delete_CkPrivateKey $privKeyServer
delete_CkPublicKey $pubKeyServer
delete_CkPublicKey $pubKeyFromServer
delete_CkPublicKey $pubKeyFromClient