openssl

Module derive

source
Expand description

Shared secret derivation.

§Example

The following example implements ECDH using NIST P-384 keys:

use openssl::bn::BigNumContext;
use openssl::pkey::PKey;
use openssl::derive::Deriver;
use openssl::ec::{EcGroup, EcKey, EcPoint, PointConversionForm};
use openssl::nid::Nid;

let group = EcGroup::from_curve_name(Nid::SECP384R1)?;

let first: PKey<_> = EcKey::generate(&group)?.try_into()?;

// second party generates an ephemeral key and derives
// a shared secret using first party's public key
let shared_key = EcKey::generate(&group)?;
// shared_public is sent to first party
let mut ctx = BigNumContext::new()?;
let shared_public = shared_key.public_key().to_bytes(
       &group,
       PointConversionForm::COMPRESSED,
       &mut ctx,
   )?;

let shared_key: PKey<_> = shared_key.try_into()?;
let mut deriver = Deriver::new(&shared_key)?;
deriver.set_peer(&first)?;
// secret can be used e.g. as a symmetric encryption key
let secret = deriver.derive_to_vec()?;

// first party derives the same shared secret using
// shared_public
let point = EcPoint::from_bytes(&group, &shared_public, &mut ctx)?;
let recipient_key: PKey<_> = EcKey::from_public_key(&group, &point)?.try_into()?;
let mut deriver = Deriver::new(&first)?;
deriver.set_peer(&recipient_key)?;
let first_secret = deriver.derive_to_vec()?;

assert_eq!(secret, first_secret);

Structs§

  • A type used to derive a shared secret between two keys.