-
Notifications
You must be signed in to change notification settings - Fork 0
Encryption
The encryption excom uses will be based off of the NaCl library.
Each server and client will have a public/private key pair, which
is used to identify that endpoint. The public key must be sent
to the other endpoint:
server ------- public key --------> client
server <------ public key --------- client
The public key must contain the signatures of the public key of those who endorse the identity of the owner - very much like the PGP/GPG system. The signatures should be of the hash of the key itself, signed by the keypair of the person who endorsed them. The public key can also contain any revocations of signatures made, which should be signed by the public key's keypair, and contains the hash of the public key that it is revoking.
The basic layout, then, of the public key should be this:
+-------------------------------+
| Public Key |
|-------------------------------+
| Signatures of Endorsers |
+-------------------------------+
| Revocation of Signatures |
+-------------------------------+
A generic JSON format of that would be:
{
"public_key": {
"data": "<base64 encoded data>",
"owner": "drcat"
},
"endorsers": [
{
"owner": "nurse",
"signature": "3c363836cf4e16666669a25da280a1865c2d2874",
"signed_on": "12 JAN 2014 04:00:00"
}
],
"recovations": [
{
"owner": "businesscat",
"hash": "58e6b3a414a1e090dfc6029add0f3555ccba127f",
"revoked_on": "13 JAN 2014 07:00:00"
}
]
}After the public keys are exchanged, the server generates a shared secret and encrypts it with the client's public key, sending the encrypted result to the client. This shared secret will be used for symmetric encryption of the rest of the protocol.