Cyber Security: ECDH for P-521 (Web Crypto Api) / secp521r1 (NodeJS Crypto) generate a slightly different shared secret

I have generated a public and private key pair with ECDH from NodeJS function _genPrivateKey(curveName = "secp384r1", encoding = "hex") { const private_0 = crypto.createECDH(curveName); private_0.generateKeys(); return private_0.getPrivateKey().toString(encoding); } BOB PRIVATE KEY 9d0c809d692c83c7d8d1355205dd78e679066fd9c15d12cdea3e1103b041873765264351e8939083b876d89d423301d8486a956da455ddbdc4a91ef60af7dd2325 BOB PUBLIC KEY [hex] 0400d7a342e89f501e1cd8224e2463ef1ad057c9b64bf45c1d3627cc1f06c055c80f75c2013c27b63dc984b467ecfc5202cf9a126ef1f1487e92b9acfb52abaeb7022e01f4259918ca34f442214a31d1bad329f9be1c67ce98af6621f622e44887264e856ee8c664a51e56f24008c932ee1cb5514c02d03ba27f6b6a1cd0aa0f8eac261250 [jwk] { key_ops: [ 'deriveKey' ], ext: true, kty: 'EC', x:'ANejQuifUB4c2CJOJGPvGtBXybZL9FwdNifMHwbAVcgPdcIBPCe2PcmEtGfs_FICz5oSbvHxSH6Suaz7UquutwIu', y:'AfQlmRjKNPRCIUox0brTKfm-HGfOmK9mIfYi5EiHJk6FbujGZKUeVvJACMky7hy1UUwC0Duif2tqHNCqD46sJhJQ', crv: 'P-521' } and Alice's keys from a web page with Web Crypto API const generateAlicesKeyPair = window.crypto.subtle.generateKey({ name: "ECDH", namedCurve: "P-521" }, false, ["deriveBits"] ); ALICE PUBLIC KEY 04000eefa90c3de22e79e6742f807806a603059d16afaa9f1bc69f420050aae100d0006e6510fe17a8f6767fe1e69bada039175ef5a375e30af4085e4315cf7527655f00ed9a39552a5f9170cc7626c1f4584d0e6de17870e336bcc5b6e251e3ea2c7cd9633e1afe2f9aee5f9a7445d38218c20695cc7ba2a462b67ce39a060e6464133609 --- When I try to derive the shared key a strange thing happens, the key has different bits at the end. NodeJS: function _getSharedSecret(privateKey, publicKey, curveName = "secp521r1", encoding = "hex") { const private_0 = crypto.createECDH(curveName); private_0.setPrivateKey(privateKey, encoding); const _sharedSecret = private_0.computeSecret(publicKey, encoding); return _sharedSecret }; Web Crypto API const sharedSecret = await window.crypto.subtle.deriveBits({ name: "ECDH", namedCurve: "P-521", public: publicKey }, privateKey, 521 ); Results: //NodeJS: 0089b99212c9348a6fd3aa78225a773a90ef45f57bbd10dc86d8e52fa26662c550b56d2368ee358ab240ceec10191b6cdd7d09bb0a8763ea48a487a5676ebdf7af[eb] //WebCryptoAPI: 0089b99212c9348a6fd3aa78225a773a90ef45f57bbd10dc86d8e52fa26662c550b56d2368ee358ab240ceec10191b6cdd7d09bb0a8763ea48a487a5676ebdf7af[80] This happens only with the curve P-521/secp521r1 but not with the curves P-256/secp256r1 P-384/secp384r1
http://dlvr.it/RyzxML

ECDH for P-521 (Web Crypto Api) / secp521r1 (NodeJS Crypto) generate a slightly different shared secret

No comments:

Post a Comment

iSecurity Feeds