Diffie Helman Key Exchange

How would one perform a Diffie Helman key exchange with a remote server using the new SecKey API in iOS 10+?


The following is a high level, starting outline:

// 1. get the server's public key
let publicKey: SecKey

// 2. Generate an ECSEC private key
let attributes: [String: Any] = [kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom, kSecAttrKeySizeInBits as String: 256]
var error: Unmanaged<CFError>?
let privateKey = SecKeyCreateRandomKey(attributes as CFDictionary, &error)!

// 3. Select an ECDH key exchange algorithm
let algorithm: SecKeyAlgorithm = .ecdhKeyExchangeCofactorX963SHA256
let size: SecKeyKeyExchangeParameter = .requestedSize
let parameters: [SecKeyKeyExchangeParameter: Int] = [size: 16]

// 4. perform the shared secret exchange
let sharedSecret = SecKeyCopyKeyExchangeResult(privateKey, algorithm, publicKey, parameters as CFDictionary, &error) as? Data


What is the format of the data returned from SecKeyCopyKeyExchangeResult?


How would an AES key, operating in GCM mode, be derived from it?


Thanks!

Replies

How would one perform a Diffie Helman key exchange with a remote server using the new SecKey API in iOS 10+?

Someone else might chime in here but, if not, I recommend that you open a DTS tech support incident and we can look at this properly.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"