Diffie-Hellman Station-to-Station Protocol

Recently I’ve been thinking about the Diffie-Hellman protocol and its use for point-to-point setup of secure protocols - the so-called station-to-station protocol. Whilst I understand the principles behind it, I’ve never had cause to actually implement the algorithm itself. I can already hear some of you shouting noooooooooo! but let me put your minds at rest. I’m not doing this in order to create yet another implementation, but simply as a way of understanding some of the issues surrounding the implementation of cryptographic protocols.

For a complete treatment see the Wikipedia article, but generally the steps in the algorithm are as follows:

  1. Alice generates a random number x, and sends the exponential g^x to Bob.
  2. Bob generates a random number y and computes the exponential g^y.
  3. Bob computes the shared secret key: k=(g^x)^y
  4. Bob concatenates the exponentials, signs them using his asymmetric key B and encrypts with k. The ciphertext is sent with his own exponential g^y to Alice.
  5. Alice computes the shared secret key from 4.
  6. Alice decrypts and verifies Bob's signature.
  7. Alice performs the same as 4.
  8. Bob decrypts and verifies Alice's signature.

Let’s see if I can actually implement something! :)
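The eight steps listed above, as an added example that is not the author's implementation. It assumes Schnorr signatures for the "asymmetric key", a SHA-256 keystream XOR as the cipher, and a toy group (modulus 2^127 - 1, base 3); all function names are hypothetical. The `tamper` flag shows step 6 failing when the exponential Bob receives was altered in transit.

```python
import hashlib, secrets

# Toy group constructed for this demo (far too small for real use).
P, G = 2**127 - 1, 3        # Mersenne prime modulus, base g
N = P - 1                   # exponents are reduced mod P-1 (Fermat's little theorem)

def H(*ints):
    return hashlib.sha256("|".join(map(str, ints)).encode()).digest()

def keygen():
    x = secrets.randbelow(N - 1) + 1
    return x, pow(G, x, P)  # (secret exponent, exponential g^x)

def sign(priv, *msg):       # Schnorr signature, an assumed stand-in for the signing key
    r, R = keygen()
    e = int.from_bytes(H(R, *msg), "big")
    return R, (r + e * priv) % N
def verify(pub, sig, *msg):
    R, s = sig
    e = int.from_bytes(H(R, *msg), "big")
    return pow(G, s, P) == R * pow(pub, e, P) % P

def xor_cipher(k, data):    # SHA-256 keystream XOR: toy cipher, same call decrypts
    stream = b"".join(H(k, i) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def respond(sig_priv, own, peer, k):            # steps 4 and 7: sign, then encrypt
    R, s = sign(sig_priv, own, peer)
    return xor_cipher(k, R.to_bytes(16, "big") + s.to_bytes(16, "big"))
def check(sig_pub, peer, own, k, ct):           # steps 6 and 8: decrypt, then verify
    pt = xor_cipher(k, ct)
    sig = int.from_bytes(pt[:16], "big"), int.from_bytes(pt[16:], "big")
    return verify(sig_pub, sig, peer, own)

def run_sts(tamper=False):
    a_priv, a_pub = keygen()                    # Alice's long-term signing key
    b_priv, b_pub = keygen()                    # Bob's long-term signing key
    x, gx = keygen()                            # step 1: Alice sends g^x
    gx_seen = keygen()[1] if tamper else gx     # value altered in transit when tamper=True
    y, gy = keygen()                            # step 2
    k_bob = pow(gx_seen, y, P)                  # step 3: k = (g^x)^y
    ct_b = respond(b_priv, gy, gx_seen, k_bob)  # step 4
    k_alice = pow(gy, x, P)                     # step 5
    if not check(b_pub, gy, gx, k_alice, ct_b): # step 6
        return None                             # Alice aborts: Bob not authenticated
    ct_a = respond(a_priv, gx, gy, k_alice)     # step 7
    if not check(a_pub, gx, gy, k_bob, ct_a):   # step 8
        return None
    return k_alice, k_bob
```

`run_sts()` returns the two sides' keys, which match; `run_sts(tamper=True)` returns `None` because the signature Alice checks no longer covers the exponential she sent.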


Tags: diffie-hellman, cryptography