Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create a high level API for securing messages #5

Open
jvz opened this issue Nov 21, 2020 · 3 comments
Open

Create a high level API for securing messages #5

jvz opened this issue Nov 21, 2020 · 3 comments
Assignees
@jvz
Labels
enhancement New feature or request
Milestone
1.0

Comments

@jvz
Copy link
Contributor

jvz commented Nov 21, 2020
edited

Consider the design of Themis: https://docs.cossacklabs.com/themis/crypto-theory/cryptosystems/secure-message/

And consider the NaCl and libsodium API, the box APIs for authenticated public-key encryption, and the sealed box APIs for anonymous public-key encryption.

Create an analogous API here using XChaCha20-Poly1305 and X25519. This should cover sending encrypted messages and signed messages.

Essentially, given Alice and Bob both have XDH keypairs, we can compute a shared secret to generate a symmetric key. Implementing a perfect-forward-secrecy variant involving ephemeral keypairs and signatures for authentication rather than the static XDH keys would be out of scope for messages at this level and is scoped in #6.
@jvz jvz added the enhancement New feature or request label Nov 21, 2020
@jvz jvz added this to the 1.0 milestone Nov 21, 2020
@jvz jvz self-assigned this Nov 21, 2020
@jvz jvz modified the milestones: 1.0, 1.1 Nov 21, 2020
@jvz
Copy link
Contributor Author

jvz commented Dec 6, 2020

After much experimentation, it seems like Ristretto255 is a bit easier to use for this purpose. https://github.com/jedisct1/libsodium-signcryption provides a nice pattern and implementation. Combined with a similar strategy to #4, a complete message crypto API is possible.

@jvz jvz mentioned this issue Dec 6, 2020
Closed
jvz added a commit that referenced this issue Dec 7, 2020
@jvz
Add initial vault operations
567a420 
This implementation aims to be compatible with libsodium ristretto255 signcryption and XChaCha20-Poly1305. This relates to #5 with an enhanced implementation of #1.
@jvz
Copy link
Contributor Author

jvz commented Dec 7, 2020

https://datatracker.ietf.org/doc/draft-irtf-cfrg-ristretto255-decaf448/

@jvz
Copy link
Contributor Author

jvz commented Dec 12, 2020

I created a small test program in C++ using libsodium-signcryption to generate test data and updated the test here to match accordingly: https://github.com/o1c-dev/o1c-compat-tests

jvz added a commit that referenced this issue Apr 18, 2021
@jvz
Create initial high level APIs
889058c 
Related to #4 and #5
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jvz jvz

Labels
enhancement New feature or request
Projects
None yet
Milestone
1.0
Development

No branches or pull requests
1 participant
@jvz