Hi, thank you for this awesome library!
One algorithm that I'd like to see implemented is plain Diffie-Hellman (DH).
Reason: As of now, even though ECDH is supported, DH is still required for a compliant SSH implementation (see RFC 9142, §4: `diffie-hellman-group14-sha256` is MUST). I did some preliminary research and it seems like this is the support on different platforms:
- JDK: ✅ (via SunJCE JCA Provider)
- OpenSSL: ✅
- CommonCrypto: ✅
- CryptoKit: ❌ (but as I understand it, CommonCrypto or OpenSSL could still be used as fallbacks on an Apple platform)
- WebCrypto: ❌ (but https://www.npmjs.com/package/diffie-hellman exists)
Therefore I think it could be implemented by adding it to the JDK, OpenSSL and CommonCrypto providers, covering every platform except for web. The `diffie-hellman` npm package seems to wrap an integrated implementation on NodeJS but is a plain JS implementation for the browser (because WebCrypto does not support DH). I wouldn't consider a self-made plain JS implementation secure with regard to XSS or side-channel/timing attacks; there is also a story about a vulnerable DH implementation in Firefox, which was removed. So, if this package is used, the web implementation should at least have some delicate API annotation warning about security considerations. Generally speaking, I'd consider DH a legacy algorithm (thanks to ECDH) but still required for certain protocols.
I'd be interested in helping with the implementation, if someone could give me some pointers on where to start. Should I open a new issue for this?
Originally posted by @RaphaelTarita in #15
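As an added illustration of what a `diffie-hellman-group14-sha256`-style provider has to get right (this is example code written for this page, not code from the library or from the issue author), the following Python script performs a finite-field DH agreement over the RFC 3526 2048-bit MODP group (group14, generator 2) and applies the checks a receiving side must perform on the peer's public value: range check `1 < y < p-1` and an order check `y^q mod p == 1`, where `q = (p-1)/2` because group14's modulus is a safe prime. The 256-byte big-endian encoding hashed with SHA-256 at the end is an assumption made for the demo only; it is not the SSH exchange-hash construction from RFC 4253. The functions `check_group`, `is_valid_peer_public`, `Party` and `derive_shared_key` are names chosen here, not library API.

```python
import hashlib
import secrets

# RFC 3526 section 3: 2048-bit MODP group, used by SSH as "group14". Generator g = 2.
P_HEX = """
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
"""
P = int("".join(P_HEX.split()), 16)
G = 2
Q = (P - 1) // 2  # p is a safe prime, so g = 2 generates the prime-order-q subgroup


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin with random bases; enough to sanity-check a hard-coded group."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def check_group() -> bool:
    """A provider should only ship parameters it can prove are a safe-prime group
    with a generator of order q; otherwise the order check below is meaningless."""
    return (
        P.bit_length() == 2048
        and is_probable_prime(P)
        and is_probable_prime(Q)
        and pow(G, Q, P) == 1
    )


def is_valid_peer_public(y: int) -> bool:
    """Reject values outside (1, p-1) and values not in the order-q subgroup.
    This is what blocks the classic small-subgroup/degenerate inputs 0, 1, p-1."""
    if not 2 <= y <= P - 2:
        return False
    return pow(y, Q, P) == 1


class Party:
    """One side of the exchange: a private exponent in [2, q-1] and its public value."""

    def __init__(self) -> None:
        self.x = secrets.randbelow(Q - 2) + 2
        self.y = pow(G, self.x, P)


def derive_shared_key(me: Party, peer_public: int) -> bytes:
    if not is_valid_peer_public(peer_public):
        raise ValueError("invalid DH public value from peer")
    k = pow(peer_public, me.x, P)
    # Assumption for this demo: hash the fixed-width shared secret with SHA-256.
    # SSH instead feeds K as an mpint into the exchange hash together with the
    # protocol transcript; see RFC 4253 section 8.
    return hashlib.sha256(k.to_bytes(256, "big")).digest()


def run_exchange() -> bool:
    """Both sides compute the same 32-byte key when both public values validate."""
    alice, bob = Party(), Party()
    return derive_shared_key(alice, bob.y) == derive_shared_key(bob, alice.y)


if __name__ == "__main__":
    print("group ok:", check_group())
    print("exchange ok:", run_exchange())
    print("p-1 accepted:", is_valid_peer_public(P - 1))  # expect False
```

The order check costs one extra modular exponentiation per exchange, which is why some implementations skip it; with a safe-prime group and the range check it is cheap insurance against a peer that sends a low-order element to force a predictable shared secret.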