Shared Secret from public and private key

[tarun9573]

I need to generate a shared secrete using only Bob public key and Alice private key. When I am generating a shared secret using method below, I am getting a shared secret but it is not matching with android when supplied same private and public key on android.

Let sessionKeyPairForAlice = sodium.keyExchange.sessionKeyPair(publicKey: aliceKeyPair.publicKey, secretKey: aliceKeyPair.secretKey, otherPublicKey: bobKeyPair.publicKey, side: .CLIENT)!

Please help me out to get the desired result.

[blochberger]

Can you elaborate further? One side has to be the client and one side has to be the server. If you use the iOS-device as a client, the Android device has to act as a server. On iOS you need to pass the public key of the Android device and the secret key of the iOS device. On Android you need to pass the public key of the iOS device and the secret key of the Android device.

[tarun9573]

No, This is not what I am saying. I just want ot calculate the Shared Secrete on both the platform. Suppose Alice and Bob, using Alice Secret key and Bob Public key, the shared secret I am getting is not matched with the android shared Secret generated using Alice Secret key and Bob public key.

[tarun9573]

Here is an example : Alice secret: "86575ed09fb775e44cfd420204bf36291927773fd5bc1b70404b91c7e4beae40" Alice Public: "965d33cc85c6ff5284c7af5aceab95b5aff354a6dbdbf5518ee82634e9bdc748" Bob secret: "a6be8d6528517e7706c735afae60b73f3d2bbaeb2c3458e34eca4573db4ada8a" Bob Public: "e843907053a41e7ad11e4278e1a44a1d5ead3af1772c1f046a5d21894c95c13f"

Android implementation is written below

Android Library Github link - https://github.com/duerrfk/ecdh-curve25519-mobile

Android method to generate shared secret - byte[] Alick_sk = hexStringToByteArray("86575ed09fb775e44cfd420204bf36291927773fd5bc1b70404b91c7e4beae40"); byte[] Bob_pk = hexStringToByteArray("e843907053a41e7ad11e4278e1a44a1d5ead3af1772c1f046a5d21894c95c13f"); byte shared[] = ECDHCurve25519.generate_shared_secret(Alick_sk, Bob_pk); Log.e(TAG, Utility.bytesToHex(shared));

Android Output "6CD845027DBBF58EB4FAF0093594AFC5E9214B587BF9AA44769C665E36B8C541"

iOS implementation let sessionKeyPairForAlice = sodium.keyExchange.sessionKeyPair(publicKey: (aliceKeyPair?.publicKey)!, secretKey: (aliceKeyPair?.secretKey)!, otherPublicKey: (bobKeyPair?.publicKey)!, side: .CLIENT)!

iOS output - shared secret rx: "bc7816b2cbde2b1a50f579085c7ee890bb196fcda6b50dd6831b0dd4c7bb3104" shared secret tx: "49ae6d7118aa33346bf0d52c948f3e36bd7d897437d41bdacb5a362e9a358447"

NOTE: I first generated Alice and BOB key pair, then generated the sharedSecret. Then I passed the same generated keys on android , but the sahred secret generated is different. Please help me out to generate same shared keys as in android.

[jedisct1]

Looks like the ECDHCurve25519.generate_shared_secret() function you are referring to just multiplies a public key by a scalar.

The result should not by used as a session key, or you won't get the security guarantees you may expect.

libsodium, the Swift bindings, and presumably the Android bindings provide a key exchange API to compute a shared session key. This is what sodium.keyExchange.sessionKeyPair is for. It doesn't just perform a multiplication but returns actual session keys. You should use this if possible.

[tarun9573]

Yes, in android it is a multiplication of scalar over the public and private key . So how can I achieve this scalar multiplication in iOS ? Is there any method in this library ? or can you provide any code sample so that I can achieve the output as android .

[jedisct1]

I don't know much about Android, but here is how libsodium creates session keys: https://github.com/jedisct1/libsodium/blob/master/src/libsodium/crypto_kx/crypto_kx.c

Given q the result the scalar multiplication, rx || tx = BLAKE2B-512(q || client_pk || server_pk)

[TusharSharma651]

Did you find any solution?