Both players must contribute to the secret, and a confounding factor is required to exchange the contributions without revealing them.
Commanding OpenSSL to do the hard work
First, your secret contribution:
openssl genpkey -algorithm X25519 -out contribution
Now the confounded version for sharing:
openssl pkey -in contribution -pubout -out confounded
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VuAyEAIA2nOyv2LtvlcLqEHQz6owx9dBQ7Ie74U+B7qmXnqEk=
-----END PUBLIC KEY-----
Once two players have pasted their confounded contributions, each can compute the common secret:
openssl pkeyutl -derive -inkey contribution -peerkey another_confounded -out common_secret
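The whole exchange for two players, run end to end and checked for agreement. This is an added example, not part of the original post; the player names alice and bob, the function names and the temporary directory layout are assumptions, and it needs an OpenSSL build with X25519 support (1.1.0 or later).

```shell
#!/bin/sh
# Added example: two players (hypothetical names alice and bob) each run the
# three commands above in their own directory; only "confounded" is exchanged.
set -eu

# Steps 1 and 2 for one player: the secret contribution, then its shareable form.
make_contribution() {
    dir=$1
    mkdir -p "$dir"
    # umask 077 in a subshell so the secret file is created owner-only.
    ( umask 077; openssl genpkey -algorithm X25519 -out "$dir/contribution" )
    openssl pkey -in "$dir/contribution" -pubout -out "$dir/confounded"
}

# Step 3: combine our own secret with the other player's confounded file.
derive_secret() {
    dir=$1
    ( umask 077; openssl pkeyutl -derive -inkey "$dir/contribution" \
        -peerkey "$dir/another_confounded" -out "$dir/common_secret" )
}

# Lower-case hex of a binary file, with no separators.
secret_hex() { od -An -tx1 "$1" | tr -d ' \n'; }

# Runs both players and prints "match" if they derived the same 32 bytes.
exchange() {
    work=$(mktemp -d)
    make_contribution "$work/alice"
    make_contribution "$work/bob"
    # The only files that cross between the players:
    cp "$work/bob/confounded"   "$work/alice/another_confounded"
    cp "$work/alice/confounded" "$work/bob/another_confounded"
    derive_secret "$work/alice"
    derive_secret "$work/bob"
    a=$(secret_hex "$work/alice/common_secret")
    b=$(secret_hex "$work/bob/common_secret")
    rm -rf "$work"
    if [ "$a" = "$b" ] && [ "${#a}" -eq 64 ]; then
        echo match
    else
        echo mismatch
    fi
}
```

Calling `exchange` prints `match` when both sides hold the same common secret; the `contribution` files never leave their owner's directory.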