In [1]:
from cryptography.hazmat.primitives.asymmetric import dh

Generate safe DH parameters. Takes about 38 seconds on a default codespaces VM.

In [2]:
params = dh.generate_parameters(generator=2, key_size=2048)

Generate a private key for use in the exchange.

This is Alice.

In [3]:
alice_private_key = params.generate_private_key()

This is Bob.

In [4]:
bob_private_key = params.generate_private_key()

This is the shared secret (calculated from Alice's perspective).

In [5]:
shared_key = alice_private_key.exchange(bob_private_key.public_key())

Confirm generator is 2 (which is what was requested).

In [6]:
g = params.parameter_numbers().g
g

2

Confirm prime is same size as what we would expect for a 2048-bit number (again, what was requested).

In [7]:
p = params.parameter_numbers().p
len(str(p))

617

In [8]:
len(str(2**2048))

617

This is Alice's private key $a$.

In [9]:
a = alice_private_key.private_numbers().x

This is Bob's public key $B$.

In [10]:
B = bob_private_key.public_key().public_numbers().y

In [11]:
type(shared_key)

bytes

Convert shared secret to an integer and compare with $g^{ab}$.

In [12]:
int.from_bytes(shared_key, "big")

4369568231135506231781354533338596520314371311417896274182353648795424980990760688778344662662518370190808754419533089618041254572111755468723504661024441026839156076483824013241189581646665281345547417273490881778648043834792066696251151328625995491935109097778209188892512991273626042871605359727810489624414538068221966472038626550344739805183210758434639264470192746018558933913574234213145231776134610274572273114985541349423635097115494041672955246577359708686588076612370725044389612022872496072818735902500114246931046991597883072304711822777858674158584048063831727614365147187650328160913036214150718998948

$B^a = (g^b)^a = g^{ab}\ mod\ p$

In [13]:
pow(B, a, p) == int.from_bytes(shared_key, "big")

True