I'm trying to understand how to implement key exchange using nettle's curve25519 functions. I'm writing an software that establishes encrypted TCP connection with public key based authentication. The client and server programs share the same code base.
This is an hobby project to learn network and crypto programming. :-)
I have working toy app using nettle's rsa_encrypt function, but there is no equivalent to curve25519 from what I see. How do I do key exchange using nettle's curve25519 functions?
And to be clear, I know I could and probably should simply use any production quality TLS library like openssl, but I want to learn how to do encrypted TCP connection from scratch. Using TLS library would defeat that purpose. I compared many crypto libraries and found nettle as most easily approachable since it is low level.
Elliptic curves, generally, are used for key 'agreement' rather than key 'exchange'.
I don't know how much you know about this so I'll briefly explain:
RSA - we generate a random symmetric key, encrypt it with the public key of the recipient, who themselves later decrypts and uses it.
ECC (Elliptic curve crypto) - we use a process called Elliptic Curve Diffie-Hellman, due to the commutative nature of the multiplication of curve points, we can establish the same point on the curve by multiplying theirPublicKeyPoint * ourPrivateKeyPoint * G, where G is the curves base point.
So, in summary:
curve25519, also known as x25519, nettle's function is this.x co-ordinate of to generate the symmetric key. Though this is usually done by the lib.