Photo by 🇨🇭 Claudio Schwarz | @purzlbaum on Unsplash

Handshaking Keys for Privacy with ECDH … Let’s “Go” Create It!

Prof Bill Buchanan OBE FRSE

--

A fundamental part of creating a secure tunnel — such as with HTTPs — is that the client and server generate the same shared symmetric key (typically with the AES method), and that they use this to encrypt the data passed.

In days of old, the HTTPs key exchange method was the horrible RSA encryption technique. With this, the RSA public key of the server — and which was contained on the digital certificate passed from the server to the client — was used to encrypt the session key to be used and send back the server. The server then decrypted this with its private key. The client and the server then have the same shared encryption key. But this method has a major fault … if someone discovers the private key of the server, they can decrypt all of the secret communications.

And so, with TLS 1.3, the old public key encryption method of key exchange has been dumped, and the only show in town is ECDH (Elliptic Curve Diffie Hellman). Why? Because only the client and the server know the key used. Once the session is finished, the key is gone, and a new one is created for the next session. So, in this article, I will show how we use the Go programming language to create the parameters required for the key exchange. The demo is here:

--

--

Prof Bill Buchanan OBE FRSE
Prof Bill Buchanan OBE FRSE

Written by Prof Bill Buchanan OBE FRSE

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.