# Diffie-Hellman Key Exchange

In [27]:
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import dh
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives.serialization import (
    Encoding, ParameterFormat, PublicFormat,
    load_pem_parameters, load_pem_public_key
)

We play Alice and generate the parameters ($p$, $g$, $q$)

In [28]:
parameters = dh.generate_parameters(generator=2, key_size=1024)#generate the key

In [36]:
# This is the parameter string to send to Bob 
# Bob can load with
# LAB
parameters = load_pem_parameters(b'-----BEGIN DH PARAMETERS-----\nMIGHAoGBAKrUaGpAUujNPwweMrJy3oBRqXlDjtXmuel5F46JlYZcNUBGpfUNDKu0\n8Z/gABqr2Clzho923asWvw/xbYbsv2cGUBOgQOC1k0aRQ7YWp6un10cgUnlcw9Nw\n4GizCAkR8GZ0jzcsQib98IGaY2mxvyXkGzaWZPOIK1WnY76DX7sXAgEC\n-----END DH PARAMETERS-----\n') # FOR THE OTTHER SIDE
#parameters = load_pem_parameters("...string...") # FOR THE OTTHER SIDE

#parameters.parameter_bytes(Encoding.PEM,ParameterFormat.PKCS3)#transform the param to insert them into a payload -> list of bits
# PAM can be printed -> advantage

In [30]:
# Now generate the private key
private_key = parameters.generate_private_key()

In [37]:
# This is the public key to send to Bob 
# Bob can load with
#LAB
key_a = load_pem_public_key(b'-----BEGIN PUBLIC KEY-----\nMIIBIDCBlQYJKoZIhvcNAQMBMIGHAoGBAKrUaGpAUujNPwweMrJy3oBRqXlDjtXm\nuel5F46JlYZcNUBGpfUNDKu08Z/gABqr2Clzho923asWvw/xbYbsv2cGUBOgQOC1\nk0aRQ7YWp6un10cgUnlcw9Nw4GizCAkR8GZ0jzcsQib98IGaY2mxvyXkGzaWZPOI\nK1WnY76DX7sXAgECA4GFAAKBgQCkOgPpxDuzG12v+JZlsc2dK5df2wAMTveEvPdZ\nY5egN0qmkZ3OqCAg9eSsQhjZ5E6GN9uNBaWAYP1ExJeBmSmWT02/UrvIoJILykmE\nj36U6dj/rdrIF08G9z8iNY5TzwuZaY6X7u8Z6XuWi4NbHGH0vVaCFFrv4Q8KbjaL\nWByy2g==\n-----END PUBLIC KEY-----\n') 
# parameters = load_pem_public_key("...string...") 
#private_key.public_key().public_bytes(Encoding.PEM,PublicFormat.SubjectPublicKeyInfo)

In [38]:
# Here we should load Bob's public key with
# bob_public_key = load_pem_public_key("...string...")
# Since we do not have Bob, we generate Bob's key locally
bob_private_key = parameters.generate_private_key()
bob_public_key = bob_private_key.public_key()

In [45]:
bob_public_key.public_bytes(Encoding.PEM,PublicFormat.SubjectPublicKeyInfo)

b'-----BEGIN PUBLIC KEY-----\nMIIBIDCBlQYJKoZIhvcNAQMBMIGHAoGBAKrUaGpAUujNPwweMrJy3oBRqXlDjtXm\nuel5F46JlYZcNUBGpfUNDKu08Z/gABqr2Clzho923asWvw/xbYbsv2cGUBOgQOC1\nk0aRQ7YWp6un10cgUnlcw9Nw4GizCAkR8GZ0jzcsQib98IGaY2mxvyXkGzaWZPOI\nK1WnY76DX7sXAgECA4GFAAKBgQCo/C/q5uVhji+S+2jpp3C/AExVp7Eu4UHjaW9D\n8/05uzUKHzx46IG2x0z3Ol3L0IByqfBpqidXZ6+H8d1bK06EVLA2fsQFSJdSiRjZ\n9lpCIcWoDx7f7X8HgTCxqLLYbDft+QMP3eUi/BQTq2iuGQyntHt9ge/LWafXCd94\nYWbfog==\n-----END PUBLIC KEY-----\n'

In [42]:
# This is the shared group element
shared_key = bob_private_key.exchange(key_a)# LOCAL, REMOTE -> SHARED KEY

In [43]:
# This is the shared key
# You can use derived_key to encrypt a message using any symmetric cipher
# If possible prefer an authenticated
derived_key = HKDF(# obtain a tring of bits to be used as a real key
    algorithm=hashes.SHA256(),
    length=32,
    salt=None,
    info=b'some shared data',
).derive(shared_key)
derived_key # use in a symmetric encryption (AES) 

b'0f\x82u\x03\x91\xa9\xea\xc6Q*\xb9\xef\x03mB{E\xfc\x93\x94Jx\xa80C\xfa\xf7\x9fP\xcd-'

## Laboratory

Pick a classmate, decide who's Alice and who's Bob. Generate a key and send a message.
You can use email or chat to exchange the protocol messages.