Diffie Hellman Key Exchange

Top  Previous  Next

 

"Diffie–Hellman key exchange is a specific method of exchanging cryptographic keys. It is one of the earliest practical examples of key exchange implemented within the field of cryptography. The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher." [wikipedia]

 

 

Using Cybele's ThinAPI library to perform a Diffie Hellman key exchange:

 

1. Add the Cybele.ThinAPI.dll to your application. It is available on the Demo application under the 'bin' directory.

2. Create an object instance of the DHCypher class.

3. Call the 'Init' method, sending the ThinRDP Server address as argument. This method is responsible of negotiating the key with ThinRDP Server.

4. Call the EncodeStr method passing as an argument the data to be encrypted .

 

    c# example:

 

using Cybele.ThinAPI;

 

...

 

      DHCypher myDHCypher = new DHCypher();

       myDHCypher.Init("http://127.0.0.1:8443");

       authInfo = HttpUtility.UrlEncode(myDHCypher.EncodeStr(authInfo));

 

...

 

 

 

 

Sending encrypted data:

 

After performing the Diffie Hellman key exchange, the external application may send the encrypted data to ThinRDP Server preceded by an * symbol.

 

c# example:

 

using Cybele.ThinAPI;

 

...

       authInfo = "*" + authInfo;

 

...

 

The authentication information is then ready to be sent to ThinRDP Server within the URL, following one of the two formats below:

 

http:// + authInfo + @127.0.0.1:8443

 

The authInfo would be "username:password" encrypted with the Diffie Hellman method, preceded by an * symbol.

 

http://127.0.0.1:8443/asp/?authInfo

 

The authInfo should be "_userid=username&_apikey=apiKeyValue", also encrypted and preceded by an * symbol.

 

Both methods above are used on the Demo example. The first one works by default, and the second one works when there is an ApiKey set on the web.config file.

 

 

SDK and External Authentication:

 

If you want to use the External Authentication with the ThinRDP SDK (remote mode), the authInfo must not be included in the URL.

In that case, you should send the "credentials" on the post to ThinRDP Server.

 

Assign the credentials to ThinRDP form, before calling the connect method:

 

mythinrdp = GetThinRDP("127.0.0.1", true);

mythinrdp.getForm().elements["credentials"].value = "<%=authInfo%>";.

mythinrdp.connect({...});

 

The authInfo can consist of "username:password" or "username:apiKey", and should also be encrypted and preceeded by an * symbol.

 

See also: the C# asp.net SDK demo, and have access to the complete example.