Diffie-Hellman key exchange method in qt
-
Hi,
To negotiate a security key I need to:
Generate prime number (GENERATOR)
Generate prime number (MODULUS) using Diffie-Hellman method?
Something like below in JS:
BigInt(crypto.createDiffieHellman(16).getPrime().readUInt16BE()),
How do I do this in Qt?
-
I still don't see any relation to Qt here. We already told you more than once where you can get such random numbers from. Qt does not provide such things (not needed and too hard to implement it properly - there are enough good alternatives around)
-
@Damian7546 said in Diffie-Hellman key exchange method in qt:
how do I do this in Qt?
There is still no "Qt"... Qt is written for/in C++, so look for a C++ crypto library...
Qt has a Network module which provides security features:
and
QSslKey, for example, has DH algorithm support:
-
I asked the question wrong,
are there functions in Qt to randomly generate a 64-bit prime value?
Currently I'm thinking about the function below:
    quint64 UtilsEssp::primeRandomInt64()
    {
        // Unsigned type: these constants do not fit in a signed qint64
        quint64 min = 0x8000000000000000;
        quint64 max = 0xFFFFFFFFFFFFFFFF;
        quint64 tempVal;
        bool search = true;
        while (search) {
            int cnt = 0; // reset the divisor count for every candidate
            tempVal = (qrand() % (max - min) + 1) + min;
            // If number is less than/equal to 1,
            // it is not prime
            if (tempVal <= 1)
                continue;
            else {
                // Check for divisors from 1 to n
                for (quint64 i = 1; i <= tempVal; i++) {
                    // Count how many numbers divide tempVal
                    if (tempVal % i == 0)
                        cnt++;
                }
                // If n is divisible by more than 2 numbers
                // then it is not prime
                if (cnt > 2)
                    continue;
                // else it is prime
                else
                    search = false;
            }
        }
        return tempVal;
    }
-
@Damian7546
No. Qt has QRandomGenerator Class/QRandomGenerator64 Class (your qrand() is now obsolete, but that is not germane to your question), which generates random numbers but there is no method for a prime. I presume it is significant that the C++ std library does not offer this either.
You can use whatever techniques in C++ algorithmically, e.g. Google C++ random number prime. Your code can be improved on a lot for efficiency[*], but you still have to search and test.
[*] P.S. Limiting tempVal to sqrt(num) and exiting the for loop as soon as you find a factor/divisor (above 1!) will make huge improvement :) Further improvements are possible, depending how deep you want to go into it.
[By coincidence, Qt example Prime Counter has code in PrimeCounter::filterFunction() which illustrates this approach, though that code is not quite right for full 64-bit numbers.]
Going all the way back to your topic title, why don't you just Google Diffie-Hellman C++ and pick one of the algorithms or implementations? I think OpenSSL is involved, you can use that with Qt. And @Pl45m4 mentioned this.
-
@JonB said in Diffie-Hellman key exchange method in qt:
Going all the way back to your topic title, why don't you just Google Diffie-Hellman C++ and pick one of the algorithms or implementations? I think OpenSSL is involved, you can use that with Qt. And @Pl45m4 mentioned this.
I'll use this. But my slave device needs a 64-bit prime value for GENERATOR, MODULE replacement before key calculation, please look at the flow chart below:
-
@Damian7546
Not sure what your point is now. I only know/think that you could use that Diffie-Hellman stuff or similar from something in OpenSSL, or you can Google for standalone implementations of it to write in C++, or you could just improve the approach in your own code for determining primes along the lines I suggested.
-
@Damian7546 As people here keep telling you, Qt does not have what you need. Qt is a general purpose C++ framework, and does not have the specialized routines needed to implement cryptographic systems. Those exist in specialized libraries, and the reason is that safe and correct implementation of cryptography primitives and protocols relies on pretty unique and unusual techniques and algorithms.
For example:
- The textbook ways of checking integers for primality are inefficient and otherwise problematic when dealing with numbers of the required magnitude. Approaches like the Rabin-Miller test are used instead.
- Even basic arithmetic is handled differently - most cryptographic calculations are done with exact precision over a finite field (the only kind of proper algebraic field that digital computers can represent exactly), and with special care to implement addition/multiplication etc in a way that doesn't leak anything about secret numbers through small differences in timing.
- There is special care about random number generation in general. "Standard" methods like rand() and qrand() are not considered to be cryptographic quality because the numbers they generate are too predictable, and depending on seeding could even repeat which is disastrous in crypto context. (For this aspect specifically, Qt does have a built-in solution as @JonB mentioned).
So - you should choose a proper C or C++ cryptographic library to depend on in addition to Qt and learn it. There are several, good starting points are Botan (C++) or mbedtls (C, but more suitable for embedded devices). OpenSSL is widely used, but in my experience it is quite hard to correctly use and quite easy to misuse so I wouldn't recommend it unless something is forcing you to use it.
All of these will have everything you need to make a correct implementation of Diffie-Hellman key exchange, and even better - all of them have battle tested and vetted implementations of Diffie-Hellman (the classic variety, and the Elliptic Curve one which is easier on resources). There are many pitfalls in implementing any cryptographic protocol, DH is no different (the idea that you can just draw a random modulus, and of such a short length as 64 bits at that, is one such pitfall). Using an implementation from a reputable crypto library is highly recommended.
They will also probably have the means to do whatever you were planning to do with the negotiated shared secret (some form of AES, I presume?).
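An added example, not from any poster in this thread and not Qt or library code: a 64-bit prime search that uses the Rabin-Miller test and an OS random source, the two points the post above raises against trial division and qrand(). Assumptions: the names isPrime64, osRandom64 and randomPrime64 are hypothetical, unsigned __int128 is a GCC/Clang extension, and std::random_device (assumed to be backed by the OS entropy source) stands in for QRandomGenerator::system()->generate64() in a Qt application. It only demonstrates the primality search; it does not make a 64-bit modulus a sound size for Diffie-Hellman.

```cpp
#include <cstdint>
#include <functional>
#include <random>
using u64 = std::uint64_t;
using u128 = unsigned __int128;  // assumption: GCC/Clang extension

static u64 mulmod(u64 a, u64 b, u64 m) { return (u64)((u128)a * b % m); }
static u64 powmod(u64 base, u64 exp, u64 m) {
    u64 result = 1;
    for (base %= m; exp; exp >>= 1) {
        if (exp & 1) result = mulmod(result, base, m);
        base = mulmod(base, base, m);
    }
    return result;
}

// Rabin-Miller with the first 12 primes as bases: deterministic for all n < 2^64.
bool isPrime64(u64 n) {
    static const u64 bases[] = {2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37};
    if (n < 2) return false;
    for (u64 p : bases)
        if (n % p == 0) return n == p;
    u64 d = n - 1; int r = 0;
    while ((d & 1) == 0) { d >>= 1; ++r; }   // n - 1 = d * 2^r with d odd
    for (u64 a : bases) {
        u64 x = powmod(a, d, n);
        if (x == 1 || x == n - 1) continue;
        bool witness = true;                 // a proves n composite unless x reaches n - 1
        for (int i = 1; i < r && witness; ++i) {
            x = mulmod(x, x, n);
            if (x == n - 1) witness = false;
        }
        if (witness) return false;
    }
    return true;
}

// Hypothetical helper: 64 random bits from std::random_device (two 32-bit draws).
u64 osRandom64() {
    std::random_device rd;
    return ((u64)rd() << 32) | rd();
}

// Draw candidates with the top bit set (full 64-bit size) and odd until one is prime.
u64 randomPrime64(const std::function<u64()>& rng = osRandom64) {
    for (;;) {
        u64 c = rng() | (1ULL << 63) | 1ULL;
        if (isPrime64(c)) return c;
    }
}
```

Roughly one in 22 odd candidates of this size is prime, so the loop finishes after a few dozen draws on average, each costing twelve modular exponentiations at most.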
-
-
@IgKh The flow chart published in #6 describes how keys are exchanged between my application (Host Machine) and the Slave device, which I communicate with by serial.
I have to do only the left blue column. So, reading the documentation, I need only generate a random prime number and send it to the Device.
In this thread we are not talking about encryption methods, only about key negotiation.
-