-
|
The shareKey generated by using p256.getSharedSecret does not match the sharekey generated by OpenSSL ECDH_compute_key, nor does it match the sharekey generated by using subarray(1). |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 4 replies
-
|
I have no idea. noble multiplies point B by secret scalar A, which is the general definition of shared secret / ecdh. It must always be the same between all implementations. Ensure the output is compressed / uncompressed depending on your needs. noble-curves/src/abstract/weierstrass.ts Lines 921 to 926 in a1a7dc9 |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for your answer, I need your help, c++ ECDH_compute_key returns 32 bytes of data, getSharedSecret returns 33 bytes after compression, and 65 bytes without compression, I tried subarray(1), but the result still does not match. There are no examples to exchange with C++. |
Beta Was this translation helpful? Give feedback.
-
|
I'm seeing this too, but using Did you get to the bottom of it? |
Beta Was this translation helpful? Give feedback.
-
|
if it's 32 bytes, then it's either: a. SLICED: There is no standard for ECDH. 32 bytes, 33 bytes, hashing or kdfing all make sense depending on ones needs. We provide the most flexible output, that can be converted to anything you'd like. |
Beta Was this translation helpful? Give feedback.
-
|
A case of a just enough knowledge to be dangerous I fear... |
Beta Was this translation helpful? Give feedback.
if it's 32 bytes, then it's either:
a. SLICED:
res.slice(1, 33)b. HASHED:
sha256(res.slice(1, 33))c. HKDFED:
hkdf_sha256(res.slice(1, 33))d. SLICED and HASHED/HKDFED: b or d, but replace
res.slice(1, 33)withdecompRes.slice(1, 65),res.slice(0, 33)ordecompRes.slice(0, 65)There is no standard for ECDH. 32 bytes, 33 bytes, hashing or kdfing all make sense depending on ones needs. We provide the most flexible output, that can be converted to anything you'd like.