-
Notifications
You must be signed in to change notification settings - Fork 76
Provide interfaces related to the abstract cryptographic operation being done #92
Comments
Obvious:
|
We can now use the resulting
Which brings us to the interface for Authenticated Encryption:
And the asymmetric version would be
Doing AE with RSA is pretty common nowadays too, so I think this is the right interface. We can should provide
Then we could provide some default types for NaCl boxes, RSA and Ed25519. I'm pretty much free right now so I can do it if you like the idea. |
Warning: doing encryption and signing using same RSA key leaks information and is potentially unsafe. |
My primary concern is not the concrete implementations but the interfaces. I don't plan to make changes to the Looking at the code, currently we seem to allow using the same keys for encryption and signing. We might want to fix that too. Filed libp2p/go-libp2p-crypto#9. |
Looking at the interfaces I proposed again, this all feels weird. E.g. the key exchange is not performed by the keys, but it's two communicating entities using the Keys to negotiate a shared secret. The key doesn't sign the data, it's the algorithm using the key. I'll think about interfaces that reflect that. |
How about
This way it behaves a bit more like a |
The current
PrivKey
is aKey
that can also sign stuff, so it actually is aSigKey
. You could also let MACs implement this interface.SigKey
andVerifyKey
)KXPrivKey.Exchange(KXPubKey
)SignKey
andVerifyKey
as well asEncryptKey
andDecryptKey
andAuthEncKey
andAuthDecKey
(as ingolang.org/x/crypto/nacl/secretbox
).golang.org/x/crypto/nacl/box
).I'll keep on thinking about this and drop some notes over the day.
The text was updated successfully, but these errors were encountered: