Diffie-Hellman secure messenger
Key exchange → encryption → transmission → decryption side by side.
This lab-quality walkthrough shows how two parties (Alice and Bob) establish a shared key using Diffie-Hellman, encrypt messages with AES-GCM, and store ciphertext in a database, and it shows what an intruder can see in transit.
Step 1
Exchange public keys (Diffie-Hellman)
Generate ECDH key pairs for Alice and Bob, exchange public keys, and derive a shared secret → AES key.
Alice public key
– not generated –
Bob public key
– not generated –
Shared secret (derived)
This is never sent over the wire; both sides compute it independently.
Derived AES-256 key
– waiting for key agreement –
Curve: P-256
Mode: AES-GCM 256-bit
Handshake log
Step 1b · Toy math
Tiny-number Diffie-Hellman walkthrough
Uses small integers so you can see every calculation. Do not use these values in the real world.
Public parameters
Prime p = 23
Generator g = 5
These can be known by anyone, including an intruder.
Secrets & public keys
Alice secret a = –
Bob secret b = –
Alice public A = g^a mod p = –
Bob public B = g^b mod p = –
Shared secret
Alice computes S = B^a mod p =
Bob computes S = A^b mod p =
If both numbers match, the handshake worked—even with tiny values.
Generate secrets to start.
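The tiny-number handshake above, written out as an added example (not the page's own code): it uses the page's p = 23 and g = 5 with constructed secrets a = 6 and b = 15, and all function names are hypothetical. It also shows why these values are toy-only: an observer holding only p, g, A and B can find the exponent by trying every candidate.

```javascript
// Added example: toy Diffie-Hellman with the page's p = 23, g = 5.
// The secrets a = 6 and b = 15 are constructed sample values.
const P = 23n;
const G = 5n;

// Square-and-multiply modular exponentiation on BigInt.
function modPow(base, exp, mod) {
  let result = 1n;
  base %= mod;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
    exp >>= 1n;
  }
  return result;
}

// Reject degenerate peer values (0, 1, p-1): they force a predictable S.
function checkPublic(y, p) {
  if (y < 2n || y > p - 2n) throw new RangeError("public value out of range");
  return y;
}

// Both sides compute S independently; only A and B cross the wire.
function handshake(a, b, p = P, g = G) {
  const A = modPow(g, a, p); // Alice public
  const B = modPow(g, b, p); // Bob public
  const sAlice = modPow(checkPublic(B, p), a, p);
  const sBob = modPow(checkPublic(A, p), b, p);
  return { A, B, sAlice, sBob };
}

// Observer's view: p, g, A, B only. With p = 23 there are just 22
// exponents to try, which is why real groups use far larger parameters.
function recoverSharedFromWire(A, B, p = P, g = G) {
  for (let x = 1n; x < p; x++) {
    if (modPow(g, x, p) === A) return modPow(B, x, p);
  }
  return null;
}

const demo = handshake(6n, 15n);
console.log(demo, recoverSharedFromWire(demo.A, demo.B));
```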
Step 2
Sender (Alice)
Uses derived AES key
Encrypt a message with AES-GCM using the shared key, then store ciphertext in the database.
IV (nonce)
– not generated –
Ciphertext (stored/transit)
– none yet –
Step 3
Receiver (Bob)
Decrypt with same key
Pull encrypted rows from the database, then decrypt locally with the shared AES key.
Latest ciphertext from DB
– pull to view –
Decrypted plaintext
– waiting to decrypt –
Database message feed (most recent first)
What the intruder sees
The modal shows exactly what is observable on the wire: IV + ciphertext + metadata. There is no usable plaintext without the shared key.
Try sending first, then open this view.