The KeyExchange module is used to exchange communication keys between two parties, assuming that both have created a profile and have a public facing partial Diffie Hellman key part (the combination of their own secret and the shared secret). The key exchange consists of three steps:

  1. create a new communication key, that will be used by both parties for en- and decryption and store it on the initiators side
  2. look up the other parties partial Diffie Hellman key part and combine it with the own private key to create the exchange key
  3. use the exchange key to encrypt the communication key and send it via bmail (blockchain mail) to other party

Basic Usage

Starting the Key Exchange Process

This example retrieves public facing partial Diffie Hellman key part from a second party and sends an invitation mail to it:

// account, that initiates the invitation
const account1 = '0x0000000000000000000000000000000000000001';
// account, that will receive the invitation
const account2 = '0x0000000000000000000000000000000000000002';
// profile from user, that initiates key exchange
const profile1 = {};
await profile1.loadForAccount();
// profile from user, that is going to receive the invitation
const profile2 = {};
await profile2.loadForAccount();
// key exchange instance for account1
const keyExchange1 = {};
// key exchange instance for account2
const keyExchange2 = {};

const foreignPubkey = await profile2.getPublicKey();
const commKey = await keyExchange1.generateCommKey();
await keyExchange1.sendInvite(account2, foreignPubkey, commKey, {
  fromAlias: 'Bob',           // initiating user states, that his name is 'Bob'
await profile1.addContactKey(account2, 'commKey', commKey);
await profile1.storeForAccount(profile1.treeLabels.addressBook);

Finishing the Key Exchange Process

Let’s assume that the communication key from the last example has been successfully sent to the other party and continue at there end from here. To keep the roles from the last example, the variables profile1, profile2 will belong to the same accounts:

const encryptedCommKey = '...';       // key sent by account1
const profile1 = await profile1.getPublicKey();
const commSecret = keyExchange2.computeSecretKey(profile1);
const commKey = await keyExchange2.decryptCommKey(encryptedCommKey, commSecret.toString('hex'));


new KeyExchange(options);

Creates a new KeyExchange instance.


  1. options - KeyExchangeOptions: options for KeyExchange constructor.
    • account - string: account, that will perform actions
    • cryptoProvider - CryptoProvider: CryptoProvider instance
    • defaultCryptoAlgo - string: default encryption algorithm
    • keyProvider - KeyProviderInterface: KeyProviderInterface instance
    • mailbox - Mailbox: Mailbox instance
    • log - Function (optional): function to use for logging: (message, level) => {...}
    • logLevel - LogLevel (optional): messages with this level will be logged with log
    • logLog - LogLogInterface (optional): container for collecting log messages
    • logLogLevel - LogLevel (optional): messages with this level will be pushed to logLog
    • privateKey - object (optional): private key for key exchange, if privateKey or publicKey is omitted, new keys are generated
    • publicKey - object (optional): public key for key exchange, if privateKey or publicKey is omitted, new keys are generated


KeyExchange instance


const keyExchange = new KeyExchange({
  defaultCryptoAlgo: 'aes',
  account: accounts[0],



Combines given partial key from another profile with own private key.


  1. partialKey - string: The options used for calling


string combined exchange key


// encrypted communication key sent from account 1 to account 2
const encryptedKey = '...'
// (profile 1 belongs to account 1, keyExchange 2 to account 2)
const publicKeyProfile1 = await profile1.getPublicKey();
const commSecret = keyExchange2.computeSecretKey(publicKeyProfile1);
commKey = await keyExchange2.decryptCommKey(encryptedKey, commSecret.toString('hex'));


keyExchange.decryptCommKey(encryptedCommKey, exchangeKey);

Decrypts a given communication key with an exchange key.


  1. encryptedCommKey - string: encrypted communications key received from another account
  2. exchangeKey - string: Diffie Hellman exchange key from computeSecretKey


Promise returns Buffer: commKey as a buffer


Returns the public and private key from the diffieHellman.




Promise returns any: object with public and private keys


console.dir(await keyExchange.getDiffieHellmanKeys());
// Output:
// {
//   private: '...',
//   public: '...',
// }



Generates a new communication key end returns the hex string.




Promise returns string: comm key as string


console.dir(await keyExchange.generateCommKey());
// Output:
// '1c967697c192235680efbb24b980981b4778c8058b5e0864f1471fc1d941499d'


keyExchange.getExchangeMail(from, mailContent[, encryptionCommKey]);

Creates a bmail for exchanging comm keys.


  1. from - string: sender accountId
  2. mailContent - any: bmail metadata
  3. encryptedCommKey - string (optional): comm key, that should be exchanged


Promise returns Mail: mail for key exchange


const commKey = '1c967697c192235680efbb24b980981b4778c8058b5e0864f1471fc1d941499d';
const mail = keyExchange.getExchangeMail(
  { fromAlias: 'user 1', fromMail: '', title:'sample', body:'sample', }
// Output:
// { content:
//    { from: '0x0000000000000000000000000000000000000001',
//      fromAlias: 'user 1',
//      fromMail: '',
//      title: 'sample',
//      body: 'sample',
//      attachments: [ [Object] ] } }


keyExchange.sendInvite(targetAccount, targetPublicKey, commKey, mailContent);

Sends a mailbox mail to the target account with the partial key for the key exchange.


  1. string - targetAccount: receiver of the invitation
  2. string - targetPublicKey: combination of shared secret plus targetAccounts private secret
  3. string - commKey: communication key between sender and targetAccount
  4. any - mailContent: mail to send


Promise returns void: resolved when done


const foreignPubkey = await profile2.getPublicKey();
const commKey = await keyExchange1.generateCommKey();
await keyExchange1.sendInvite(accounts[1], foreignPubkey, commKey, { fromAlias: 'Bob', });
await profile.addContactKey(accounts[1], 'commKey', commKey);
await profile.storeForAccount(profile.treeLabels.addressBook);


keyExchange.setPublicKey(publicKey, privateKey);

Set the private and public key on the current diffieHellman object.


  1. publicKey - string: public Diffie Hellman key
  2. privateKey - string: private Diffie Hellman key


(no return value)


keyExchange.setPublicKey('...', '...');