Tcl
Tcl
How to Generate an Elliptic Curve Shared Secret
See more ECC Examples
Demonstrates how to generate an ECC (Elliptic Curve Cryptography) shared secret. Imagine a cilent has one ECC private key, the server has another. A shared secret is computed by each side providing it's public key to the other. The private keys are kept private.Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
# This example includes both client-side and server-side code.
# Each code segment is marked as client-side or server-side.
# Imagine these segments are running on separate computers...
# -----------------------------------------------------------------
# (Client-Side) Generate an ECC key, save the public part to a file.
# -----------------------------------------------------------------
set prngClient [new_CkPrng]
set eccClient [new_CkEcc]
set privKeyClient [new_CkPrivateKey]
set success [CkEcc_GenKey $eccClient "secp256r1" $prngClient $privKeyClient]
if {$success == 0} then {
puts [CkEcc_lastErrorText $eccClient]
delete_CkPrng $prngClient
delete_CkEcc $eccClient
delete_CkPrivateKey $privKeyClient
exit
}
set pubKeyClient [new_CkPublicKey]
CkPrivateKey_ToPublicKey $privKeyClient $pubKeyClient
CkPublicKey_SavePemFile $pubKeyClient 0 "qa_output/eccClientPub.pem"
# -----------------------------------------------------------------
# (Server-Side) Generate an ECC key, save the public part to a file.
# -----------------------------------------------------------------
set prngServer [new_CkPrng]
set eccServer [new_CkEcc]
set privKeyServer [new_CkPrivateKey]
CkEcc_GenKey $eccServer "secp256r1" $prngServer $privKeyServer
set pubKeyServer [new_CkPublicKey]
CkPrivateKey_ToPublicKey $privKeyServer $pubKeyServer
CkPublicKey_SavePemFile $pubKeyServer 0 "qa_output/eccServerPub.pem"
# -----------------------------------------------------------------
# (Client-Side) Generate the shared secret using our private key, and the other's public key.
# -----------------------------------------------------------------
# Imagine that the server sent the public key PEM to the client.
# (This is simulated by loading the server's public key from the file.
set pubKeyFromServer [new_CkPublicKey]
CkPublicKey_LoadFromFile $pubKeyFromServer "qa_output/eccServerPub.pem"
set sharedSecret1 [CkEcc_sharedSecretENC $eccClient $privKeyClient $pubKeyFromServer "base64"]
# -----------------------------------------------------------------
# (Server-Side) Generate the shared secret using our private key, and the other's public key.
# -----------------------------------------------------------------
# Imagine that the client sent the public key PEM to the server.
# (This is simulated by loading the client's public key from the file.
set pubKeyFromClient [new_CkPublicKey]
CkPublicKey_LoadFromFile $pubKeyFromClient "qa_output/eccClientPub.pem"
set sharedSecret2 [CkEcc_sharedSecretENC $eccServer $privKeyServer $pubKeyFromClient "base64"]
# ---------------------------------------------------------
# Examine the shared secrets. They should be the same.
# Both sides now have a secret that only they know.
# ---------------------------------------------------------
puts "$sharedSecret1"
puts "$sharedSecret2"
delete_CkPrng $prngClient
delete_CkEcc $eccClient
delete_CkPrivateKey $privKeyClient
delete_CkPublicKey $pubKeyClient
delete_CkPrng $prngServer
delete_CkEcc $eccServer
delete_CkPrivateKey $privKeyServer
delete_CkPublicKey $pubKeyServer
delete_CkPublicKey $pubKeyFromServer
delete_CkPublicKey $pubKeyFromClient