ECDH with HKDF using c#

Question

What is the best way to implement a elliptic curve diffie hellman using HKDF as key derivation function in windows using native windows functionallity.

I couldn't get ECDiffieHellmanCng from (https://docs.microsoft.com/en-us/windows/win32/seccng/cng-portal) running as it only support the following KDF (tls, hmac, hash)

Other libraries are not prefered (only if there is no native support for this)

Answer 1

For the moment i did not find a way to use windows only (cng, or dotnet5 crypto lib) to do a ECDH secret exchange that doesn't use a key derivation function (to get the plain secret).

So i could not use HKDF key derivation function.

The way i went was to use Bouncy Castle ECDH and also Bouncy Castle HKDF.

That worked for me.

Sadly i have to deploy another dependency (even if its a great crypto library)

Answer 2

You can actually do ECDH with HKDF using the ECDiffieHellmanCng library. The DeriveKeyFromHmac() performs the key agreement as well as the HKDF Extract function, so all that is left is to perform the HKDF Expand to get your shared secret, for example:

var ecdh = new ECDiffieHellmanCng();
var extractedSecret = ecdh.DeriveKeyFromHmac(otherPartyKey, HashAlgorithmName.SHA256, salt, prependData, appendData);
var sharedSecret = HKDFExpand(extractedSecret, info, length);