
“How to Diffie Hellman” using RSA and JavaScript

How can I reach a shared secret using Diffie Hellman Key Exchange with existing base64 RSA 2048 bit not PEM encoded key pairs in JavaScript? I get an invalid key error with the following:

const crypto = require('crypto');
const myRsa2048PrivateKey = 'CAASqAkwggSkAgEAAoIBAQCRQHzwWADGZcNS+aiUV7dW81489bEFsuFYUWGtOxW4UdpCuo1/yJ5GNEFY7FJDaQ194J28JAU8RDrxQqQawKyZ7CqINjqQni9VedgqkVWC9tDKrvaT7YxzeBjj/L0K3sMuAXMzhwRtOaD/DUfmJnZRgffJFFlT69D+nXx3Z2cywSiz5lK4M9Ua35jV/lxfS2RD+8Jf15cN4rGK8CtyKj0oLAyBDWKTf1zEzkDqS/fc1GhuFVyGymz/XvJ4COePuzJN2VX5hUewn5FZDnGz+6CG3xVXiEg4xZu7iF6Hmv7mBnqOecJuaPB2/O/ocUXrR+XuTTdf+KVvoxBDae2WXHd1AgMBAAECggEAYN1ptHproeNRW+9kbfEFMjZAPVT3xb4iK1yyT+0cMfxcGq4AGRx3+Id2oM+QmKXhOnXlmwdGeodh62yutaySLl/hiU7oxXLITC9iahjbtufUG6aMh+AeDw8jQj9U7n/aF78dzVoYKKMK66w2q5QwyXBsByvL2nxjtrjdvV824hAPGbSytfq8fcj6QZ7OsnzuJVC2195flwfoS0FVhyVm25iYJhIg9gsU+AfJJ2BanW0/eESjorIkFa7aWDKQZ7EzC/9iOdwNInSwGiDQcCQPiYhu+CvPgApTR791IJOkHYJhGN6xXY8QqfSYCwXCe6BYYU6Rg6eMw4vYoqjNKjEmbQKBgQDJrhcTWz0oTPNw/yWoXchnIZSxGQXOKe1bXI8xLZ5kxZjdiFeCx5Ndgp00+An8mYmUeQsIWGqsAVI3kTt45RiL2EPrrvoLMu7til8Ya5w7G1F3GQCNtSWCXCPhDwnmgPr/kgxjQoJSpVhVyEAlQl1/eomNMF7+FVzCN5ftniiXIwKBgQC4X6iA/e98M7jnFONloaaZMW2D/093JbeRYam6e67R8R6Ipq5Y4X6e7R0PWTqSZe2f8KKJCu6Q09vd9sg6MyhHIMtj7Da+GItmmRn5enxwdrw5E56plMVrwd0dBx14kT4G1M8DnjZeyWfoObVHzYyU0mRLdriVoJ57XkFr4CZshwKBgQCrsC9mxAJBP5jyddKqDQRgf17kkKe3hUvRve8Mb4hqwyhKVxogdCPItDt+bzWZO1+67Hxu404UFZ/XPCTD20vVKQtRJQkp5Xcu8t/XmyxJyQzF9ZvaBv7ihevpWPMVrnF+hedTzLfDAY08oZex4FhWAIv+jNIhPTBVChylJUHqvwKBgQCxJAcLV+7eD/uY2XLZVIRyLxEffw7kVLKX1ZNy/h4qy1UgybQ85Pn4y6vd8UbbHV8/Cb2/mWc4crSN/+rEMB6EqDeB25OE9KQKgRJ5pXsluo6A8B7Co5NCQtKkbw+bpUBI4/G5ciqeyzcv4TIQuKZW3gVKk9gouldKBHcqpAOGxQKBgGS4NZw0olJYO8LQx+/D0EhGFSiSj1PvMXm+VB+5RhrLQSJK/CfzeofIZn729wxjfoqvS8UJlR9muNyjte5WC5PfWdmsohmx1p8hdldswJwTPDuLSlcDSDSt97PfloTWlh+juT+NprYRtN5kBYufR5Gx82TXB2agmDJkfo+YPhtH';
const othersRsa2048PublicKey = 'CAASpgIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOuz9TgU1k/QWHSwveWO0skQJ6irsao3PL8JpCKX1kFWeIaDHN3vfiRus7UpK81NE3WeThAw4ALSXrwkc3NFmopNp5NqHsf6kbKAI9YukuLR3AIwo41AYxIt5BlWHz5jyRLxi77MoHdnppaclALxm53fb7kMUHXsjiFTxE88V05ngpe4rPMadYbdecy6lfKc79Pb+dI+JshGGbjjj7LGa+FQbw1isgjD2erYBj18OST8f6qp1e8WHWiqT+8RyWRXqJs1EtSRr49GDWx1tiLuPXa02Ct69gCvz2pkwV0YoWQUfKAH5mWGTXr4WP4fds4qn/jk9VlAXnO5CkoTziJPGfAgMBAAE=';
const df = crypto.createDiffieHellman(myRsa2048PrivateKey, 'base64');
console.log(df.computeSecret(othersRsa2048PublicKey, 'base64'));

You cannot. RSA operations rely on a different hard problem (trapdoor RSA) than Diffie-Hellman (Discrete Logarithm problem or DLP). Hence they use a similarly sized but different key. So RSA private keys cannot be directly used for DH operations.

What you can do is to generate an ephemeral (temporary) Diffie-Hellman key pair, use that to compute the secret, and then authenticate the public key - and other security-relevant information - of the Diffie-Hellman key exchange. RSA can be used for authentication by generating a signature.

You can have a look at the TLS specifications - specifically the cipher suites starting with DHE_ - to get a general idea on how to do this.


Another, less secure way that is simpler to implement but doesn't offer forward security is to encrypt a session key using the RSA public key and then send it to the other site. If that site can decrypt and get the right secret key then you consider it authenticated (e.g. by evaluating a MAC authentication tag created by that secret key or a key derived from that key).

This is implemented by the TLS cipher suites starting with RSA_ (which have been deprecated in version 1.3 because of the reasons stated above).
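
The first approach from the answer above, as an added example that is not part of the original post: each side generates an ephemeral Diffie-Hellman key pair, signs its public value with its long-term RSA key, and checks the peer's signature before deriving a key. The RSA keys are generated in the code as constructed stand-ins for existing key pairs; the modp14 group, SHA-256 and all helper names are assumptions of this example.

```javascript
const crypto = require('crypto');

// Constructed long-term RSA identity (stand-in for a party's existing RSA key pair).
function newIdentity() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Create a fresh DH key pair in the RFC 3526 2048-bit group and sign the
// public value with the long-term RSA private key. Real protocols also sign
// nonces, identities or the handshake transcript alongside the public value.
function makeOffer(rsaPrivateKey) {
  const dh = crypto.getDiffieHellman('modp14');
  const publicValue = dh.generateKeys();
  const signature = crypto.sign('sha256', publicValue, rsaPrivateKey);
  return { dh, message: { publicValue, signature } };
}

// Verify the peer's RSA signature first; only then compute the shared secret.
function acceptOffer(dh, peerMessage, peerRsaPublicKey) {
  const ok = crypto.verify('sha256', peerMessage.publicValue,
                           peerRsaPublicKey, peerMessage.signature);
  if (!ok) throw new Error('peer DH public value failed RSA signature check');
  const shared = dh.computeSecret(peerMessage.publicValue);
  // Hash the raw DH output into a 32-byte session key (HKDF also fits here).
  return crypto.createHash('sha256').update(shared).digest();
}

function demo() {
  const alice = newIdentity();
  const bob = newIdentity();
  const a = makeOffer(alice.privateKey);
  const b = makeOffer(bob.privateKey);
  const aliceKey = acceptOffer(a.dh, b.message, bob.publicKey);
  const bobKey = acceptOffer(b.dh, a.message, alice.publicKey);

  // A DH value signed by a key other than the expected peer's is rejected.
  const other = newIdentity();
  const unsignedByBob = makeOffer(other.privateKey);
  let rejected = false;
  try {
    acceptOffer(a.dh, unsignedByBob.message, bob.publicKey);
  } catch {
    rejected = true;
  }
  return { match: aliceKey.equals(bobKey), keyLength: aliceKey.length, rejected };
}
```

Calling demo() returns an object reporting whether both sides derived the same 32-byte key and whether the offer signed by the wrong RSA key was refused.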
