Hi, I am trying to integrate our web application with Milestone using the Mobile Server’s Web Platform.
I have already read the following pages:
- https://doc.developer.milestonesys.com/mipsdkmobile/reference/protocols/mobile_intro.html
- https://doc.developer.milestonesys.com/mipsdkmobile/reference/protocols/mobile_appendix.html
- https://doc.developer.milestonesys.com/mipsdkmobile/reference/protocols/mobile_logon.html
After performing the “Connect” command I would receive the Mobile Server’s public key. This public key, together with my platform’s public key, will then be used in Diffiie-Hellman Key exchange algorithm to generate the secret key for encrypting the login credentials.
However, I am at a loss in how to execute the D-H algorithm to the public keys since they are both strings. Searching online shows that it is used for numbers, how do I go about this?
I understood which prime module and generator I need to use for the D-H algorithm. But I’m lost after this.
Additionally, after the shared key has been generated, do I use the entire shared key for encrypting the log in credentials? or just the first 16 bytes?
Hi Timothy,
To be honest, what your are trying to do is not a trivial task.
My primary advice will be to try to use the MIP SDK Mobile for JS, because all this is implemented in it.
And you will have access to a lot of “wrapper” objects that are made for convenience.
There are also many JS samples, based on the MIP SDK Mobile.
The concept of DH is slightly different from what you describe.
Actually you need to use your (client’s) PRIVATE key and server’s PUBLIC key in order to generate “common shared secret key” (CSSK).
In the same way in the Mobile server are used client’s PUBLIC key and server’s PRIVATE key to generate the same “common shared secret key”.
You are right that afterwards from the CSSK are used only first bytes for the key and IV (initialization vector).
If you really want to implement it by yourself, I would advice you to look at the MIP SDK Mobile for JS and use MAP files to extract some of the actual code used in the SDK.
Also if your Mobile server is serving on HTTPS, you could try to use un-encrypted (plain-text) credentials. In order to do that you will need to change a little bit the server configuration.
Hi! Thank you for responding. I have solved this issue by going through the samples once more.
What I did was manually call the Difie-Hellman library that was included in the samples.
../mipsdkmobile-web-main/Lib/security/DiffieHellman.js
I had to then import the other libraries in the same folder that was required for DiffieHellman.js.
After this I was able to create the public key and generate the secret shared key after setting the server’s public key.
The DiffieHellman library also contained the encoding of the credentials which was nice.
Thanks!
