Add public key encryption #216

Open: wants to merge 4 commits into base: master

@evanphx evanphx commented Apr 6, 2020

This adds the ability for nodes to encrypt traffic between them using curve 25519 keys. The model does not use a trust relationship between the nodes based on the keys; the keys are used solely to further armor the encryption as it goes over the wire. This provides protection against people being able to intercept traffic and brute force the cluster wide encryption key.

Authorization to the cluster is provided by a new AccessKey config parameter, which is mixed into the shared secret derived from the public/private keys. This provides a similar access control mechanism as the current Secret Key mechanism, but without exposing the cluster to long term brute forcing.

The private keys used by each node are generated on node start; they are not stored on disk at all. This introduces the idea of an "encryption partition", where node A might send a message to node B with node B's old public key. B will thusly reject the message and node A will observe B as being down. This is effectively the same as if B were actually down. When node B started up, it sent its new public key in alive messages to cluster members. Alive gossiping means that eventually A will observe B's new public key and the partition will be resolved.

This adds the ability for nodes to encrypt traffic between them using
curve 25519 keys. Address is extended to allow a public key to be
specified along with the nodename, ip, and port. This scheme reuses the
AES encryption bits, using curve 25519 Diffie-Hellman to simply compute
the key to encrypt the payloads with.

Additionally, if a secret access key is provided, it is mixed into the
encryption key. This allows the secret key to be used as a cluster
access token which is not exposed as encryption material and thusly does
not need to be rotated the same as it otherwise would be.
@evanphx evanphx requested review from mitchellh, rboyer and armon April 6, 2020 22:18
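
The scheme described in this pull request, as an added example (not code from the PR or from the project): each node derives a pairwise AES-GCM cipher from an X25519 exchange mixed with the cluster access key. HMAC-SHA256 as the mixing step, AES-256-GCM, and the names `PairCipher`, `Seal` and `Open` are assumptions; the PR text does not specify them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// PairCipher mixes the X25519 secret with the access key (HMAC-SHA256 is an assumed mixing step).
func PairCipher(priv *ecdh.PrivateKey, peer *ecdh.PublicKey, accessKey []byte) (cipher.AEAD, error) {
	shared, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	mac := hmac.New(sha256.New, accessKey)
	mac.Write(shared)
	block, _ := aes.NewCipher(mac.Sum(nil)) // 32-byte key, so NewCipher cannot fail
	return cipher.NewGCM(block)
}

func Seal(g cipher.AEAD, msg []byte) ([]byte, error) {
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, msg, nil), nil // random nonce is prepended to the ciphertext
}

// Open authenticates and decrypts; a wrong access key or stale public key fails here.
func Open(g cipher.AEAD, pkt []byte) ([]byte, error) {
	if len(pkt) < g.NonceSize() {
		return nil, fmt.Errorf("packet shorter than nonce")
	}
	return g.Open(nil, pkt[:g.NonceSize()], pkt[g.NonceSize():], nil)
}

func main() {
	key := []byte("constructed-access-key") // sample value, not from the PR
	a, _ := ecdh.X25519().GenerateKey(rand.Reader)
	b, _ := ecdh.X25519().GenerateKey(rand.Reader) // regenerated on every start, never stored
	ab, _ := PairCipher(a, b.PublicKey(), key)
	ba, _ := PairCipher(b, a.PublicKey(), key)
	pkt, _ := Seal(ab, []byte("ping"))
	fmt.Println(Open(ba, pkt))
}
```

Opening a packet that was sealed to a node's previous public key fails authentication, which is the "encryption partition" the description refers to; a peer holding a different access key fails the same way.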
@daneshcamp
thanks
bug fixed

hashicorp-cla commented Sep 9, 2021

CLA assistant check
All committers have signed the CLA.

@rboyer rboyer removed their request for review May 11, 2022 14:48