Diffie-Hellman

The Diffie-Hellman algorithm (and its variants) makes it possible for each party to combine its own private data with public data from the other system to arrive at an identical secret session key.

The basic steps of this procedure for classic Diffie-Hellman are:

  • Both parties agree on a large prime number, which will serve as a seed value.
  • Both parties agree on an encryption generator (typically AES), which will be used to manipulate the values in a predefined way.
  • Independently, each party comes up with another prime number which is kept secret from the other party. This number is used as the private key for this interaction (different from the private SSH key used for authentication).
  • The generated private key, the encryption generator, and the shared prime number are used to generate a public key that is derived from the private key, but which can be shared with the other party.
  • Both participants then exchange their generated public keys.
  • The receiving entity uses their own private key, the other party’s public key, and the original shared prime number to compute a shared secret key. Although this is independently computed by each party, using opposite private and public keys, it will result in the same shared secret key.
  • The shared secret is then used to encrypt all communication that follows.

This process allows each party to participate equally in generating the shared secret, so neither end alone controls the secret. It also generates an identical shared secret on both sides without that secret ever being sent over insecure channels.
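The exchange above, carried through in Python as an added example (not code from the original page). It assumes the textbook finite-field form: a demo-sized prime `P`, an integer base `G` as the shared generator, random integers as private values, a range check on the peer's public value, and SHA-256 to turn the shared secret into a session key. All names and parameters are chosen here for illustration.

```python
import hashlib
import secrets

# Public parameters both sides agree on (assumed demo values, not from the page).
P = 2**127 - 1   # a Mersenne prime; far too small for real deployments
G = 3            # public base used for modular exponentiation


def validate_public(value):
    """Reject values that would force a trivial shared secret (0, 1, P-1, ...)."""
    if not 2 <= value <= P - 2:
        raise ValueError("public value out of range")


def make_keypair():
    """Return (private, public) with public = G^private mod P."""
    while True:
        private = secrets.randbelow(P - 3) + 2      # 2 <= private <= P-2
        public = pow(G, private, P)
        if 2 <= public <= P - 2:                    # never emit a degenerate value
            return private, public


def shared_secret(own_private, peer_public):
    """Combine our private value with the peer's validated public value."""
    validate_public(peer_public)
    return pow(peer_public, own_private, P)


def derive_session_key(secret):
    """Hash the fixed-width shared secret into a 32-byte symmetric key."""
    raw = secret.to_bytes((P.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw).digest()


def demo():
    # Each side generates its own key pair; only the public halves are exchanged.
    client_priv, client_pub = make_keypair()
    server_priv, server_pub = make_keypair()
    client_key = derive_session_key(shared_secret(client_priv, server_pub))
    server_key = derive_session_key(shared_secret(server_priv, client_pub))
    return client_key == server_key


if __name__ == "__main__":
    print("session keys match:", demo())
```

Only `client_pub` and `server_pub` cross the wire; the private values and the derived key never do.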