openssl_dh_compute_key

(PHP 5 >= 5.3.0, PHP 7, PHP 8)

openssl_dh_compute_keyComputa el secreto compartido para un valor público de una clave DH remota y una clave DH local

Descripción

openssl_dh_compute_key(string $pub_key, resource $dh_key): string
Advertencia

Esta función no está documentada actualmente, solamente se encuentra disponible la lista de parámetros.

Parámetros

pub_key

Clave pública

dh_key

Clave DH

Valores devueltos

Devuelve la clave computada si se tuvo éxito o false en caso de error.

add a note add a note

User Contributed Notes 4 notes

up
1
k.s.swaminathan at live dot com
2 years ago
// Purpose: Provide a working example of Diffie-Hellman, entirely in php.

// This function generates a configuration for Diffie-Hellman keypair
// We start with an empty config and have openssl_pkey_new create
// a prime and a generator. This is a time consuming step.

function get_DH_params ($keylength=2048, $digest_alg="sha512")
{
    $pkey = openssl_pkey_new(["digest_alg" => $digest_alg,
                        "private_key_bits" => $keylength,
                        "private_key_type" => OPENSSL_KEYTYPE_DH]);
    $details = openssl_pkey_get_details($pkey);
    return [
            "digest_alg" => $digest_alg,
            "private_key_bits" => $keylength,
            "dh" => array('p' => $details['dh']['p'], 'g' => $details['dh']['g']),
            "private_key_type" => OPENSSL_KEYTYPE_DH,
        ];
}

// Now Alice and Bob can create their respective keypairs
function get_DH_keyPair ($DH_params)
{
    $pkey = openssl_pkey_new($DH_params);          
    $privkey = openssl_pkey_get_private($pkey);
    $pubkey = openssl_pkey_get_details($pkey)['dh']['pub_key'];
    return (object) compact('pubkey','privkey');
}

// Now Alice and Bob can create a mutual secret
function get_DH_mutualsecret($peers_public, $my_private)
{
    return bin2hex(openssl_dh_compute_key($peers_public, $my_private));
}

// Usage
>>> $dh_params = get_DH_params();
=> [
     "digest_alg" => "sha512",
     "private_key_bits" => 2048,
     "dh" => [
       "p" => b"ó»¸'#ð\x18\x04Û_Ä\tõyÁZàx\x15\x14\x11ƒ┬l=Ü┤H\0",
       "g" => "\x02",
     ],
     "private_key_type" => 2,
   ]

// Alice & Bob generate their keys from the same dh_params.
// Binary values truncated.

>>> $alice = get_DH_keypair($dh_params);
=> {#3773
     +"pubkey": b"""EØüÔSðÔîË╚ùà5ÜLÜ$┘▄±ü6]",
     +"privkey": OpenSSLAsymmetricKey {#3771},
   }

>>> $bob = get_DH_keypair($dh_params);
=> {#3774
     +"pubkey": b"'ua¥ªo\ê\x11║OM©\vó╣ßÜWöíþ³e÷:\t9Ô\rB┌\x13",
     +"privkey": OpenSSLAsymmetricKey {#3765},
   }

>>> $alice_secret = get_DH_mutualsecret($bob->pubkey, $alice->privkey);
=> "5fbf9df2f13da103f106.  ....."

>>> $bob_secret = get_DH_mutualsecret($alice->pubkey, $bob->privkey);
=> "5fbf9df2f13da103f106.  ....."

>>> $bob_secret == $alice_secret;
=> true

// Now Alice and Bob have a shared secret which they can use as a symmetric key. The key will be 2048 bits long (same as the DH key length parameter). They can hash it to get a shorter key if they want.

// A third person, Charlie, can also create a key pair like Alice and Bob.
// And Charlie and Alice can create their own Alice and Bob did.
// And Charlie and Bob can create their own (separate) secret.
//
up
0
vangelier at hotmail dot com
3 years ago
A working example. After some study and reading I finally get how this method is working.

You need to follow the below 4 steps;

1. You create a public key which is known to 1:n parties.
2. Each party creates their own keypair.
2a. Each party shared their public key with the members.
3. Each user can re-create the shared secret by using his Private Key and the Public Key of the other parties.
4. Compare the secrets as a handshake

/* 1. Create the first, global known public key. */

/**
     * Get DH public/private keys
     * @return array
     */
    public static function get_keypair()
    {
        $keys = [];

        $config = [
            "digest_alg" => "sha512",
            "private_key_bits" => 2048,
            "private_key_type" => OPENSSL_KEYTYPE_DH,
        ];

        // Create the private and public key
        $res = openssl_pkey_new($config);

        $pubKey = openssl_pkey_get_details($res);
        $keys["public"] = $pubKey["key"];

        openssl_pkey_export($res, $privKey);

        $keys["private"] = $privKey;

        return $keys;
    }

Now you share the Public Key with every member of the party.

/* 2. Each user creates a new Key Pair with the P,G from the global public key info */

$key = openssl_get_publickey(base64_decode($publicKey));
$info = openssl_pkey_get_details($key);
$params = $info["dh"];

Now you have the P,G from the public key. Use it;

/**
     * Create keypair from Prime and Generator for KeyExchange
     * @param $prime
     * @param $generator
     */
    public static function create_keypair_from_pg($prime, $generator)
    {
        $config = [
            "digest_alg" => "sha512",
            "private_key_bits" => 2048,
            "dh" => [
                "p" => $prime,
                "g" => $generator
            ],
            "private_key_type" => OPENSSL_KEYTYPE_DH,
        ];

        return openssl_pkey_new($config);
    }

/* 3. Create a shared secret with your Private Key, and User 1:n's Public Key */

$privateKey = openssl_get_publickey(base64_decode($privateKeyData));

$secret1 = openssl_dh_compute_key($user1PublicKey, $privateKey);
        if($secret !== false) {
            return bin2hex($secret);
        }else{
            print_r(openssl_error_string());
        }

$secret2 = openssl_dh_compute_key($user2PublicKey, $privateKey);
        if($secret !== false) {
            return bin2hex($secret);
        }else{
            print_r(openssl_error_string());
        }

/* 4. Compare the secrets as a handshake method */

if(strcmp($secret1, $secret2) === 0) {
            return true;
        }

        return false;

Good luck, enjoy!. Keep me posted about improvements and updates.  vangelier AT hotmail DOT com
up
0
vangelier at hotmail dot com
3 years ago
Is it possible for someone to post a working example?  I have written many test and examples, and I just can't seem to get 2 secrets that are alike with this method.

I am following this; https://sandilands.info/sgordon/diffie-hellman-secret-key-exchange-with-openssl

With the console, it works great. With openssl_dh_compute_key it does not work.
up
-1
vangelier at hotmail dot com
3 years ago
After some challenges I decided to write a C++ and PHP code samples.

As it can be very tricky to get a grib on how the Diffie and Hellman algoritm work. The code samples are cross compatible.

Gist with PHP code and C++ code:

https://gist.github.com/digitalhuman/2a2b85d61672e4bf83596d41351723ba

Enjoy!
To Top