Search code examples

Why is the ECC-DH Symmetric Key Of This Site Different From OpenSSL

I am using (this site's) Javascript library and OpenSSL Ruby to compute the symmetric key of Elliptic Curve Diffie Hellman.

However, from my results, OpenSSL Ruby only generated one key unlike that on the site which has X and Y symmetric keys. I am baffled as my OpenSSL symmetric key doesn't match either one of those x and y on the site.

The symmetric(shared secret) keys I got using secp224r1 curve:

Ruby OpenSSL


Using Site's JS Library

x: 26210366144026557327555572210249241206666031403062020900473236895358
y: 19676808255388748321882118528911150828003358302170965920476006073155

My questions are:

1) Why does OpenSSL Ruby yields only one key while that size yields two keys: x and y (as I've assumed x and y won't be concatenated with each other since the bitsize will be too long when compared to the Ruby symmetric key)

2) Is there a way to convert the two symmetric keys (OpenSSL and JSBN-EC library above) from one another? All my attempts to convert failed.

I've been struggling for a week now implementing Ruby OpenSSL with that JSBN-EC library. I've also tried (SJCL library) but similar results (symmetric keys don't match). Please help.


  • I've managed to work it out now with working symmetric keys on client (JSBN-EC) and on server OpenSSL Ruby

    I found out that my problem actually lies in the code itself. After fixing it, I've ended up with a symmetric key on OpenSSL Ruby as follows:

    #Ruby: OpenSSL
    symm_key = ec.dh_compute_key(point)
    symm_key.unpack('B*').first.to_i(2) #Converts to binary, then to integer
    #--> 6922380353406615622038660570577625762884344085425862813095878420328

    While on the client side using JSBN-EC

    #Javascript: JSBN-EC
    var curve = get_curve();
    var P = new ECPointFp(curve,
    var a = client_priv_key;
    var S = P.multiply(a);
    console.log('SYMM_KEY X: '+S.getX().toBigInteger().toString());
    //--> 6922380353406615622038660570577625762884344085425862813095878420328
    console.log('SYMM_KEY Y: '+S.getY().toBigInteger().toString());
    //--> 14426877769799867628378883482085635535383864283889042780773103726343

    Therefore from the looks of it, the symmetric key that matches the Ruby OpenSSL value is the X value of the JSBN-EC symmetric key


    I don't know what the Y value is now for. Looks like I won't need it. Cheers! :)