Diffie-Hellman Demo (via Python)

Neil Rieck
Waterloo, Ontario, Canada.
https://neilrieck.net

Caveat: This demo occasionally breaks at this hobbyist site. If you notice any problems then please send me an email here: n.rieck@bell.net
Update: This demo broke after I migrated this site from CentOS7 to AlmaLinux8 (via ELevate) which introduced a new version of Apache. While cgi scripting continued to work via http, it failed via https. That problem is now fixed (sorry for any inconvenience)

Additional information for inquiring minds

Overview
- The Diffie-Hellman algorithm occurs as part of the symmetric key cryptography handshake (the same key is used to encrypt and decrypt). Think about the jail cell-door lock seen in western movies where one key is used to both lock and unlock.
- Eve, the eavesdropper could see a few things (RED) which could be a worrisome for those people who think that Eve might have access to a super computer to helper her decode what is happening.
- However, if this DH handshake is first concealed by asymmetric key cryptography (also known as public key cryptography) where a pubic key (which is derived from the server's certificate) is used to encrypt, but a private key is used by the server to decrypt, then Eve will see no part of the symmetric handshake.
  - optional: during the ssl-handshake, the far end server will request an optional client-side certificate. This is normally not used where online vendors really only care if you have provided a valid credit card number. But if you have created/configured a client side certificate, then this is the time that you will transmit your client certificate (which contains the client public key) to the server. You will then use your client private key to encrypt messages (also called signing) sent over the already encrypted connection. This means that everything will be doubly encrypted until the switch over to symmetric key encryption.
- Why not use asymmetric keys all the time?
  - first off, asymmetric key cryptography is CPU intensive while symmetric key cryptography is tiny by comparison.
  - secondly, there is an added benefit to using two levels of obfuscation.
Source Code:
- python: notes - for people new to python programming
- diffie-hellman: standalone - for people curious about the Diffie-Hellman algorithm (written in Python3)
- difffe-hellman: web - for people curious about client-server web applications (written in Python3)

Diffie-Hellman Key Exchange Demo (via Python)