06 December, 2013

Elliptic curve Diffie–Hellman (ECDH)

ECDH is only a protocol for establishing a shared secret key, so the ciphertext length depends on the encryption algorithm we choose.

How to deliver the private and public keys (no private key needs to be delivered):
Client: Private key (CK-H), Public key (CK-P)
Server: Private key (SK-H), Public key (SK-P)
Client:
  1. Get the public key [SK-P] from the server, for example from a header or the body.
  2. Use this public key [SK-P] and the client private key [CK-H] to generate a shared key [KS], then use this shared key [KS] to encrypt the message.
  3. Send the message together with the client public key [CK-P].
Server:
Use the client public key [CK-P] and its own private key [SK-H] to generate [KS], then use KS to decrypt the message.
The encryption algorithm should be pre-defined.

Security issue:
Man-in-the-middle attack:

Plain ECDH does not authenticate the exchanged public keys, so we have to add something such as a hash or a digital signature to perform authentication.