10 May, 2011

Diffie-Hellman support in Node.js

Yay! My patch implementing support for Diffie-Hellman key exchange in Node.js has finally been merged into the Node.js master branch. This will simplify the OpenID for Node.js codebase a lot. It will also make the OpenID association phase run a lot faster, since the current code does Diffie-Hellman in Javascript while the Node.js crypto version does it all in native code using OpenSSL.

A brief API overview:


  • crypto.createDiffieHellman(prime_length) creates a Diffie-Hellman key exchange object and generates a prime of the given bit length. The generator used is 2.
  • crypto.createDiffieHellman(prime, encoding='binary') creates a Diffie-Hellman key exchange object using the supplied prime. The generator used is 2. Encoding can be 'binary', 'hex', or 'base64'.
  • diffieHellman.generateKeys(encoding='binary') generates private and public Diffie-Hellman key values, and returns the public key in the specified encoding. This key should be transferred to the other party. Encoding can be 'binary', 'hex', or 'base64'.
  • diffieHellman.computeSecret(other_public_key, input_encoding='binary', output_encoding=input_encoding) computes the shared secret using other_public_key as the other party's public key and returns the computed shared secret. Supplied key is interpreted using specified input_encoding, and secret is encoded using specified output_encoding. Encodings can be 'binary', 'hex', or 'base64'. If no output encoding is given, the input encoding is used as output encoding.
  • diffieHellman.getPrime(encoding='binary') returns the Diffie-Hellman prime in the specified encoding, which can be 'binary', 'hex', or 'base64'.
  • diffieHellman.getGenerator(encoding='binary') returns the Diffie-Hellman prime in the specified encoding, which can be 'binary', 'hex', or 'base64'.
  • diffieHellman.getPublicKey(encoding='binary') returns the Diffie-Hellman public key in the specified encoding, which can be 'binary', 'hex', or 'base64'.
  • diffieHellman.getPrivateKey(encoding='binary') returns the Diffie-Hellman private key in the specified encoding, which can be 'binary', 'hex', or 'base64'.
  • diffieHellman.setPublicKey(public_key, encoding='binary') sets the Diffie-Hellman public key. Key encoding can be 'binary', 'hex', or 'base64'.
  • diffieHellman.setPrivateKey(public_key, encoding='binary') sets the Diffie-Hellman private key. Key encoding can be 'binary', 'hex', or 'base64'.


NOTE: The API is still subject to change.

I would appreciate getting a note if you actually do something useful with it. :) Play around with it and let me know what you think!