I downloaded the OpenSSL binaries, made a .lib from the .dll through implib, and put the *.h files in Builder's include folder. I created an application; the code is taken from here:

```c
#include <openssl/evp.h>
#include <openssl/ec.h>

/* handleErrors() and get_peerkey() are not defined anywhere in this snippet */

unsigned char *ecdh(size_t *secret_len)
{
    EVP_PKEY_CTX *pctx, *kctx;
    EVP_PKEY_CTX *ctx;
    unsigned char *secret;
    EVP_PKEY *pkey = NULL, *peerkey, *params = NULL;
    /* NB: assumes pkey, peerkey have been already set up */

    /* Create the context for parameter generation */
    if(NULL == (pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL))) handleErrors();

    /* Initialise the parameter generation */
    if(1 != EVP_PKEY_paramgen_init(pctx)) handleErrors();

    /* We're going to use the ANSI X9.62 Prime 256v1 curve */
    if(1 != EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_X9_62_prime256v1)) handleErrors();

    /* Create the parameter object params */
    if (!EVP_PKEY_paramgen(pctx, &params)) handleErrors();

    /* Create the context for the key generation */
    if(NULL == (kctx = EVP_PKEY_CTX_new(params, NULL))) handleErrors();

    /* Generate the key */
    if(1 != EVP_PKEY_keygen_init(kctx)) handleErrors();
    if (1 != EVP_PKEY_keygen(kctx, &pkey)) handleErrors();

    /* Get the peer's public key, and provide the peer with our public key -
     * how this is done will be specific to your circumstances */
    peerkey = get_peerkey(pkey);

    /* Create the context for the shared secret derivation */
    if(NULL == (ctx = EVP_PKEY_CTX_new(pkey, NULL))) handleErrors();

    /* Initialise */
    if(1 != EVP_PKEY_derive_init(ctx)) handleErrors();

    /* Provide the peer public key */
    if(1 != EVP_PKEY_derive_set_peer(ctx, peerkey)) handleErrors();

    /* Determine buffer length for shared secret */
    if(1 != EVP_PKEY_derive(ctx, NULL, secret_len)) handleErrors();

    /* Create the buffer */
    if(NULL == (secret = OPENSSL_malloc(*secret_len))) handleErrors();

    /* Derive the shared secret */
    if(1 != (EVP_PKEY_derive(ctx, secret, secret_len))) handleErrors();

    EVP_PKEY_CTX_free(ctx);
    EVP_PKEY_free(peerkey);
    EVP_PKEY_free(pkey);
    EVP_PKEY_CTX_free(kctx);
    EVP_PKEY_free(params);
    EVP_PKEY_CTX_free(pctx);

    /* Never use a derived secret directly. Typically it is passed
     * through some hash function to produce a key */
    return secret;
}
```

The error is on the line peerkey = get_peerkey(pkey); it says the function is not found. Help me figure it out, please.

  • get_peerkey is your own key exchange function. - mega
  • Thank you very much for the pointer. Although I did not quite understand it: I just want to create the keys programmatically, or should the key exchange function be built into the key itself? - Aslan

1 answer

The exchange of public keys (EC_POINT) is done by the protocol. In the case of SSL this happens in the ServerKeyExchange and ClientKeyExchange messages. But if you have some other protocol, the key exchange may follow a different scenario. In any case, you need to deliver these keys to each side of the dialogue.

To create a private key, you need to call EC_KEY_generate_key. And to get a "shared secret" based on your private key and the other party's public key, you need to call ECDH_compute_key.

On both sides of the dialogue the same curve (EC_GROUP) must be selected; this is a prerequisite.

ECDH key generation example:

```c
#include <openssl/ec.h>

EC_KEY *key = EC_KEY_new();
EC_GROUP *group = EC_GROUP_new_by_curve_name(curve);  /* curve: a NID such as NID_X9_62_prime256v1 */
EC_KEY_set_group(key, group);                         /* the key keeps its own copy of the group */
EC_KEY_generate_key(key);                             /* generates the private scalar and public point */
EC_GROUP_free(group);
```
  • I only partly follow what this code does; as I understood it, this is the implementation of the key exchange itself, but I wanted something a little different: I just wanted to generate the keys and then entrust the work to the Indy component. It seems a bit deep. - Aslan
  • I added an example of key generation; you only need to set the name of the curve (curve), for example the same NID_X9_62_prime256v1. Then key can be handed over to the other components that will do the exchange. - mega
  • You just got stuck on get_peerkey, so I described the essence of that procedure in two words as well. - mega