KeyExchange Namespace

Namespace: WvdS.System.Security.Cryptography.KeyExchange

Contains classes for post-quantum key exchange with ML-KEM, authenticated with ML-DSA signatures and completed by an HMAC key confirmation.


Classes

Class                    Description
KeyExchangeService       High-level service for client/server key exchange
EphemeralKeyPair         Container for ephemeral ML-KEM/ML-DSA key pairs
SecureSession            Represents an established secure session

Request/Response Classes

Class                        Description
KeyExchangeInitRequest       Client initiation message
KeyExchangeInitResponse      Server response message
KeyExchangeConfirmRequest    Client confirmation message
KeyExchangeConfirmResponse   Server confirmation response

Protocol Flow

Client                              Server
  |                                    |
  +- GenerateClientKeysAsync()         |
  |                                    |
  +- CreateInitRequest() ------------->|
  |   (ML-KEM PubKey + ML-DSA Sig)     |
  |                                    +- ProcessClientRequest()
  |                                    |   (Verify, Encapsulate)
  |<---------------------- InitResponse -+
  |   (Ciphertext + ML-DSA Sig)        |
  |                                    |
  +- ProcessServerResponse()           |
  |   (Verify, Decapsulate)            |
  |                                    |
  +- CreateConfirmRequest() ---------->|
  |   (HMAC Confirmation)              |
  |                                    +- VerifyConfirmation()
  |<---------------- ConfirmResponse --+
  |                                    |
  v                                    v
  SecureSession                   SecureSession
  (Shared Secret)                 (Shared Secret)

Example

using WvdS.System.Security.Cryptography.KeyExchange;

var kex = new KeyExchangeService();

// === Client ===
var clientKeys = await kex.GenerateClientKeysAsync();
var initRequest = await kex.CreateInitRequestAsync(clientKeys);

// Send initRequest to server...

// === Server ===
var serverKeys = await kex.GenerateServerKeysAsync();
var (response, serverSession) = await kex.ProcessClientRequestAsync(
    initRequest, serverKeys);

// Send response to client...

// === Client ===
var clientSession = await kex.ProcessServerResponseAsync(
    response, clientKeys);

// Both sides now hold the identical shared secret.
// Key confirmation follows (CreateConfirmRequestAsync on the client,
// VerifyConfirmationAsync on the server); see Protocol Flow above.
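The flow above carried through end to end, as an added example that is not part of the WvdS library and does not use its API. It is written in Go (1.24 or later, for `crypto/mlkem`) so that the ML-KEM-768 encapsulation and decapsulation are real; the Go standard library has no ML-DSA, so Ed25519 stands in for the ML-DSA signatures, which leaves the protocol shape unchanged. The message layouts (`InitRequest`, `InitResponse`), the signature labels `"init"` and `"resp"`, the HKDF labels, the transcript definition `KemPub || Ciphertext` and the role-labelled HMAC tags are all constructed here; the library's own wire format is not documented on this page. Identity keys are generated fresh inside `RunHandshake` for the demonstration; in a deployment they are long-term and distributed out of band.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/mlkem"
	"crypto/sha256"
	"errors"
	"fmt"
	"slices"
)

type InitRequest struct{ KemPub, Sig []byte }                   // constructed layout: ML-KEM-768 encapsulation key + client signature
type InitResponse struct{ Ciphertext, Sig []byte }               // constructed layout: ML-KEM ciphertext + server signature
type Session struct{ SessionKey, confirmKey, transcript []byte } // transcript = KemPub || Ciphertext

func hmacSHA256(key []byte, parts ...[]byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(slices.Concat(parts...))
	return m.Sum(nil)
}

// deriveSession: HKDF-SHA256 (RFC 5869) with the transcript as salt; traffic and confirmation keys use distinct labels.
func deriveSession(shared, transcript []byte) *Session {
	prk := hmacSHA256(transcript, shared) // HKDF-Extract
	return &Session{
		SessionKey: hmacSHA256(prk, []byte("session key"), []byte{1}), // HKDF-Expand, one block each
		confirmKey: hmacSHA256(prk, []byte("confirm key"), []byte{1}),
		transcript: transcript,
	}
}

// ConfirmTag is the HMAC confirmation; the role label keeps client and server tags distinct, so neither can be reflected.
func (s *Session) ConfirmTag(role string) []byte { return hmacSHA256(s.confirmKey, []byte(role), s.transcript) }

// ClientInit generates the ephemeral ML-KEM key pair and signs its public key.
func ClientInit(clientSign ed25519.PrivateKey) (*mlkem.DecapsulationKey768, InitRequest, error) {
	dk, err := mlkem.GenerateKey768()
	if err != nil {
		return nil, InitRequest{}, err
	}
	pub := dk.EncapsulationKey().Bytes()
	return dk, InitRequest{pub, ed25519.Sign(clientSign, slices.Concat([]byte("init"), pub))}, nil
}

// ServerProcessInit verifies the client's signature, encapsulates, and signs the ciphertext together with the key it answers.
func ServerProcessInit(serverSign ed25519.PrivateKey, clientPub ed25519.PublicKey, req InitRequest) (InitResponse, *Session, error) {
	if !ed25519.Verify(clientPub, slices.Concat([]byte("init"), req.KemPub), req.Sig) {
		return InitResponse{}, nil, errors.New("init request: bad client signature")
	}
	ek, err := mlkem.NewEncapsulationKey768(req.KemPub) // rejects malformed public keys
	if err != nil {
		return InitResponse{}, nil, err
	}
	shared, ct := ek.Encapsulate()
	sig := ed25519.Sign(serverSign, slices.Concat([]byte("resp"), req.KemPub, ct))
	return InitResponse{ct, sig}, deriveSession(shared, slices.Concat(req.KemPub, ct)), nil
}

// ClientProcessResponse verifies the server's signature before decapsulating: a tampered ciphertext decapsulates to a different key, not to an error.
func ClientProcessResponse(serverPub ed25519.PublicKey, dk *mlkem.DecapsulationKey768, req InitRequest, resp InitResponse) (*Session, error) {
	if !ed25519.Verify(serverPub, slices.Concat([]byte("resp"), req.KemPub, resp.Ciphertext), resp.Sig) {
		return nil, errors.New("init response: bad server signature")
	}
	shared, err := dk.Decapsulate(resp.Ciphertext)
	if err != nil {
		return nil, err
	}
	return deriveSession(shared, slices.Concat(req.KemPub, resp.Ciphertext)), nil
}

// RunHandshake runs the exchange in-process with fresh identity keys; with tamper set, one ciphertext byte is flipped in transit.
func RunHandshake(tamper bool) (client, server *Session, err error) {
	cPub, cPriv, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand, which does not fail
	sPub, sPriv, _ := ed25519.GenerateKey(nil)
	dk, initReq, err := ClientInit(cPriv)
	if err != nil {
		return nil, nil, err
	}
	initResp, server, err := ServerProcessInit(sPriv, cPub, initReq)
	if err != nil {
		return nil, nil, err
	}
	if tamper {
		initResp.Ciphertext[0] ^= 0x01
	}
	if client, err = ClientProcessResponse(sPub, dk, initReq, initResp); err != nil {
		return nil, nil, err
	}
	// ConfirmRequest (client tag checked by server), then ConfirmResponse (server tag checked by client), constant time.
	if !hmac.Equal(client.ConfirmTag("client"), server.ConfirmTag("client")) ||
		!hmac.Equal(server.ConfirmTag("server"), client.ConfirmTag("server")) {
		return nil, nil, errors.New("key confirmation failed")
	}
	return client, server, nil
}

func main() {
	c, s, err := RunHandshake(false)
	fmt.Println("handshake ok:", err == nil && hmac.Equal(c.SessionKey, s.SessionKey))
	_, _, err = RunHandshake(true)
	fmt.Println("tampered ciphertext rejected:", err != nil)
}
```

Two points the diagram does not spell out. The client checks the server's signature before calling `Decapsulate`: ML-KEM decapsulation of a modified ciphertext does not fail, it returns a different shared secret (implicit rejection), so without the signature the tampering would surface only later as a confirmation mismatch or as undecryptable traffic; `RunHandshake(true)` flips one ciphertext byte in transit to show the rejection at the signature step. The confirmation HMAC uses a key derived separately from the traffic key and covers the transcript, so a successful confirmation proves both that the two shared secrets match and that both sides saw the same public key and ciphertext.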

Main Methods

KeyExchangeService

Method                       Description
GenerateClientKeysAsync      Generate client-side keys
GenerateServerKeysAsync      Generate server-side keys
CreateInitRequestAsync       Create initiation message
ProcessClientRequestAsync    Server processes client request
ProcessServerResponseAsync   Client processes server response
CreateConfirmRequestAsync    Create confirmation message
VerifyConfirmationAsync      Verify confirmation

See Also


Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional

Last modified: 2026/01/29 at 11:15 PM