Skip to content

Blog#

An Example ECDH Key Exchange with HKDF and Authenticated Encryption in Rust

I recently created an example project which implements an ephemeral key exchange between a client and server over TCP. The program uses the Ring cryptography library to compute a shared secret using the X25519 algorithm. Two session keys are derived from the output of the key exchange using HKDF and then messages are encrypted and authenticated between the client and server using AES-GCM with a hash transcript to verify that both the client and the server are seeing exactly the same messages in the same order. In this post I walk through how I built the project and explain the reasoning and design considerations at each step.

Group Theory Continued - Rings & Fields

In my previous post I introduced the idea of a group, which is an abstract mathematical concept that is defined as a set with a binary operation fulfilling a few mathematical properties. Many cryptography primitives are based on the mathematics of groups such as asymmetric encryption, digital signatures and zero knowledge proofs, which we will cover later. In this post I introduce rings and fields and explain how they relate to groups.

Introduction to CryptoPals - Solutions to Set 1 in Rust

CryptoPals is a popular set of problems that can be used as an alternative way to learn about cryptography, how to implement and even how to break it. There are 8 sets of problems to get through and each set has approximately 8 challenges to solve.

From the website... 'This is a different way to learn about crypto than taking a class or reading a book. We give you problems to solve. They're derived from weaknesses in real-world systems and modern cryptographic constructions. We give you enough info to learn about the underlying crypto concepts yourself. When you're finished, you'll not only have learned a good deal about how cryptosystems are built, but you'll also understand how they're attacked.'

I've decided to have a go at solving these challenges and have recently completed the first set, so here are my solutions to CryptoPals Set 1 in Rust.

Authenticated Encryption in Rust using Ring

Authenticated Encryption with Associated Data (AEAD) is a modern cryptography primitive that enables secure encryption and decryption of data using a symmetric key in a way that prevents it from being altered or tampered with. The Ring cryptography library implements the AES-GCM and ChaCha20-Poly1305 authenticated encryption algorithms which are two of the most commonly used schemes on the internet. In this post I show you how to use the ring::aead module to generate an encryption key, encrypt some data and then decrypt using the provided UnboundKey, SealingKey and OpeningKey types.

Ring by Example - Sample Code Cheatsheet

I have been writing about the Ring cryptography library for a while now and so in this post I am sharing a resource which I think will be a useful reference for developers implementing applications or protocols using the library.

This is basically a cheatsheet of example code showing how to use each of the cryptography primitives supported by Ring. I've tried to keep the examples as simple as possible in order to make the code samples easy to read through and as re-usable as possible. For a more detailed explanation on how to use each of the modules you can see my previous posts on each topic which are linked in the relevant sections below.

ECDH Key Agreement in Rust using Ring

In this post I show you how to implement an ECDH key exchange using the agreement module of the Rust cryptography library Ring. We will go through generating a public/private key pair, exchanging public keys with a peer and then using the agree_ephemeral function to securely compute a shared secret.

Introducing Fluent Hash - A Rust Hashing Library with a Fluent Interface

fluent-hash is a new open source Rust library which I recently published to crates.io (see here). I wanted to try creating and publishing a Rust library and so I thought I'd start with something simple and hopefully useful for other developers. It is a simple and lightweight hashing library which provides a fluent interface for creating and formatting hash values. It builds upon the foundations of the trusted cryptography library Ring (which is currently one of the most popular libraries in the Rust cryptography space), by providing a thin wrapper on top of Ring's digest module. See the Github link for the new project here.

In this post I will show you how to import the library into your Rust project and how to use the Hashing, Hash and HashContext types for creating hashes from various data types. I also show you how to format Hash values as bytes or hexadecimal using the provided convenience methods.