X25519 PSK Generator

Private Key (Base64):

Public Key (Base64):

Compute Shared Secret





Shared Secret (Base64):

Shared Secret (Ascii85):

Shared Secret (Base32):


What is this?

This is a 100% local, browser-based X25519 Diffie-Hellman key exchange that enables two individuals to mutually agree on a 128-bit pre-shared key. Please note that this does NOT perform authentication (validating that the person you are talking to is who they say they are), but it does protect your shared secret against eavesdroppers (wiretap/MITM attack).

Use-cases:

How to use

  1. Press "Generate Key Pair" if you do not have a pre-existing Private Key you would like to use. If you do, press "Use Custom Private Key". The last used key-pair will be saved to browser local storage. It is recommended you generate a new key-pair when you are done to clear the browser local storage.

  2. Have the remote party send you their PUBLIC KEY over any communication channel. It does not matter if the channel is secure (that is the point of this web app). Do NOT ask them for their private key. If they send you their private key, have them generate a new key-pair.

  3. Enter the remote party's public key into the provided text box.

  4. Press "Compute Shared Secret"

  5. The browser app will display 3 different encoding formats for the generated secret. Ascii85 uses the largest character set, but this shouldn't matter, as encodings like Base32 (uppercase letters and numbers only) will just have more characters in them. All generated keys provide 128 bits of security, but you may be forced to use one over another due to constraints such as a maximum PSK size or a limited allowable character set on your system.

  6. Set your PSK (in a VPN tunnel config, as an encrypted file password, etc.) to one of the generated PSKs.

  7. Tell the other party which encoding method you used so they can set their end to match (e.g. setting a PSK in a VPN config or just entering the secret into 7zip to decrypt a file you sent them)
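
The exchange in the steps above, as an added Python example (not the web app's own code): each party combines its own private key with the other's public key, and both arrive at the same 128-bit PSK in all three encodings. It assumes keys are raw 32-byte X25519 values in Base64 and that the 32-byte shared secret is reduced with SHA-256 truncated to 16 bytes; the page does not state how the app does this, so output will not necessarily match the app's, and the function names are hypothetical.

```python
import base64, hashlib, os

P, A24 = 2**255 - 19, 121665

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder. Illustrative only: not constant-time."""
    s = bytearray(k)
    s[0] &= 248; s[31] &= 127; s[31] |= 64           # clamp the scalar
    n = int.from_bytes(s, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def public_key_b64(private_b64: str) -> str:
    base_point = (9).to_bytes(32, "little")
    return base64.b64encode(x25519(base64.b64decode(private_b64), base_point)).decode()

def derive_psk(my_private_b64: str, their_public_b64: str) -> dict:
    priv, pub = base64.b64decode(my_private_b64), base64.b64decode(their_public_b64)
    if len(priv) != 32 or len(pub) != 32:
        raise ValueError("X25519 keys must decode to exactly 32 bytes")
    shared = x25519(priv, pub)
    if shared == bytes(32):   # a low-order public key forces a known secret
        raise ValueError("all-zero shared secret: reject this public key")
    # ASSUMPTION: SHA-256 truncated to 16 bytes; the page does not say how it
    # reduces the 32-byte X25519 output to a 128-bit PSK.
    psk = hashlib.sha256(shared).digest()[:16]
    return {"base64": base64.b64encode(psk).decode(),
            "ascii85": base64.a85encode(psk).decode(),
            "base32": base64.b32encode(psk).decode()}

if __name__ == "__main__":
    # Constructed sample keys: random 32-byte private keys for two parties.
    alice, bob = (base64.b64encode(os.urandom(32)).decode() for _ in range(2))
    mine = derive_psk(alice, public_key_b64(bob))       # computed on your side
    theirs = derive_psk(bob, public_key_b64(alice))     # computed on the remote side
    print(mine, mine == theirs)
```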