So, I'm trying to perform a key exchange using the OpenSSL EVP methods for elliptic curve DH to derive a shared secret. This is necessary to provide strong security using AES in GCM mode for a custom protocol.
Problem is, I can only seem to find information and examples about exchange of static keys (ECDH) (see here ).
To make my key exchange "ephemeral", do I do the following?
EVP_PKEY_keygen
EVP_DigestSign
functions. EVP_DigestVerify
functions. EVP_BytesToKey
to get an encryption key and initialization vector (IV) for AES. This would seem to provide perfect forward secrecy since a compromise of the master keys would allow signing of future keys but not allow retrieval of past ephemeral keys.
Am I missing anything?
Alright, I ended up solving this. Ephemeral ECDH simply requires the generation of ephemeral keypairs on both the server and client (using EVP_PKEY_keygen
. Authenticating them is optional for ECDHE but the "signing" approach using the static key I suggested above is valid.
Sending the static public keys via cleartext should pose no problems so all the client needs to do is authenticate the server's certificate and verify the signature on the server's ephemeral public key.
I did some experiment with the openssl evp library for performing a simple ECDH key agreement in C. The readme has some info on how to compile. I added a few comments for myself to understand what was going on. Hope it helps. https://github.com/prithuadhikary/OPENSSL_EVP_ECDH_EXAMPLE
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.