CRYPTO_KEY_EXCHANGE(3MONOCYPHER) | 3MONOCYPHER | CRYPTO_KEY_EXCHANGE(3MONOCYPHER) |
crypto_key_exchange
,
crypto_key_exchange_public_key
—
#include <monocypher.h>
void
crypto_key_exchange
(uint8_t
shared_key[32], const uint8_t
your_secret_key[32], const uint8_t
their_public_key[32]);
void
crypto_key_exchange_public_key
(uint8_t
your_public_key[32], const uint8_t
your_secret_key[32]);
crypto_key_exchange
() computes a shared key with your
secret key and their public key.
crypto_key_exchange_public_key
()
deterministically computes the public key from a random secret key.
These functions are deprecated in favor of using a higher level protocol with crypto_x25519(3monocypher).
The arguments are:
crypto_key_exchange_public_key
().shared_key and your_secret_key may overlap if the secret is no longer required.
Some poorly designed protocols require a test for “contributory” behaviour, which ensures that no untrusted party forces the shared secret to a known constant. Protocols should instead be designed in such a way that no such check is necessary; namely, by authenticating the other party or exchanging keys over a trusted channel.
Do not use the same secret key for both key exchanges and signatures. The public keys are different and revealing both may leak information. If there really is no room to store or derive two different secret keys, consider generating a key pair for signatures and then converting it with crypto_from_eddsa_private(3monocypher) and crypto_from_eddsa_public(3monocypher).
crypto_key_exchange
() and
crypto_key_exchange_public_key
() return nothing.
arc4random_buf
(), which fills the given buffer with
cryptographically secure random bytes. If
arc4random_buf
() does not exist on your system, see
intro(3monocypher) for advice about how to
generate cryptographically secure random bytes.
Generate a public key from a randomly generated secret key:
uint8_t sk[32]; /* Random secret key */ uint8_t pk[32]; /* Public key */ arc4random_buf(sk, 32); crypto_key_exchange_public_key(pk, sk); /* Wipe secrets if they are no longer needed */ crypto_wipe(sk, 32);
Generate a shared, symmetric key with your secret key and their public key. (The other party will generate the same shared key with your public key and their secret key.)
const uint8_t their_pk [32]; /* Their public key */ uint8_t your_sk [32]; /* Your secret key */ uint8_t shared_key[32]; /* Shared session key */ crypto_key_exchange(shared_key, your_sk, their_pk); /* Wipe secrets if they are no longer needed */ crypto_wipe(your_sk, 32);
crypto_key_exchange
() uses HChaCha20 as well.
crypto_key_exchange
() function first appeared in
Monocypher 0.2. The crypto_key_exchange_public_key
()
macro alias first appeared in Monocypher 1.1.0. Both were deprecated in
Monocypher 3.1.3 and are planned to be removed in Monocypher 4.0.0.
Many (private, public) key pairs produce the same shared secret. Therefore, not including the public keys in the key derivation can lead to subtle vulnerabilities. This can be avoided by hashing the shared secret concatenated with both public keys. For example,
crypto_key_exchange_public_key
() is an alias to
crypto_x25519_public_key(3monocypher).
February 12, 2022 | Debian |