0

I'm trying to understand how to implement key exchange using nettle's curve25519 functions. I'm writing an software that establishes encrypted TCP connection with public key based authentication. The client and server programs share the same code base.

This is an hobby project to learn network and crypto programming. :-)

I have working toy app using nettle's rsa_encrypt function, but there is no equivalent to curve25519 from what I see. How do I do key exchange using nettle's curve25519 functions?

And to be clear, I know I could and probably should simply use any production quality TLS library like openssl, but I want to learn how to do encrypted TCP connection from scratch. Using TLS library would defeat that purpose. I compared many crypto libraries and found nettle as most easily approachable since it is low level.

JATothrim
  • 842
  • 1
  • 8
  • 24
  • [Ain't it the thing](http://www.lysator.liu.se/~nisse/nettle/nettle.html#Curve-25519-and-Curve-448) – Sugar Jul 30 '21 at 16:17

1 Answers1

1

Elliptic curves, generally, are used for key 'agreement' rather than key 'exchange'.

I don't know how much you know about this so I'll briefly explain:

  • RSA - we generate a random symmetric key, encrypt it with the public key of the recipient, who themselves later decrypts and uses it.

  • ECC (Elliptic curve crypto) - we use a process called Elliptic Curve Diffie-Hellman, due to the commutative nature of the multiplication of curve points, we can establish the same point on the curve by multiplying theirPublicKeyPoint * ourPrivateKeyPoint * G, where G is the curves base point.

So, in summary:

  • I greatly encourage you to use ECDH instead of RSA.
  • You need to find a function to perform ECDH over curve25519, also known as x25519, nettle's function is this.
  • After the process of ECDH, we end up with another point on the curve. :) - which we hash the x co-ordinate of to generate the symmetric key. Though this is usually done by the lib.
Woodstock
  • 22,184
  • 15
  • 80
  • 118
  • Oh, I finally understand what `curve25519_mul(Q, N, P)` does! But I'm still bit fuzzy how to generate the key pair N,P.. Is `ed25519_sha512_public_key(pub,priv)` used to derive the public key from random private key material? – JATothrim Aug 02 '21 at 14:28
  • 1
    Browsing the rust docs bit more I found the correct function is `curve25519_mul_g(pub, priv)` for x25519 keys. ed25519 is for signatures. :) – JATothrim Aug 02 '21 at 14:48
  • 1
    You got it! Ed25519 is signature specific. It uses a sister curve to curve25519 that is birationally related. Are you all good now? – Woodstock Aug 02 '21 at 15:11
  • 1
    @JATothrim just shout if you have follow up questions. – Woodstock Aug 02 '21 at 19:35