Temporary RSA + AES
Use a temporary RSA key which is signed and encrypted by the normal RSA key to establish a temporary communication channel which will protect past and future communications because the key is only temporary. Also, it is hard for the government to request this key because the software only stores it for a short period of time.
The public key from the temporary RSA key is sent to a friend we are trying to establish a connection to. This creates a secure communication channel on which an AES session can be established.
Blueprint information
- Status:
- Not started
- Approver:
- Vomun Security Team
- Priority:
- High
- Drafter:
- Vomun Security Team
- Direction:
- Approved
- Assignee:
- Vomun Security Team
- Definition:
- Discussion
- Series goal:
- Accepted for 0.0.0
- Implementation:
-
Not started
- Milestone target:
-
build-8
- Started by
- Completed by
Related branches
Related bugs
Sprints
Whiteboard
What it fixes:
- It is possible to establish a secure communication channel even if your private key is compromised. This is useful if your computer is hacked or the government can force you to give them your key.
What it does not fix:
- It is possible to impersonate you with your key if your key is compromised. However, previous connections will not be vulnerable.
- Other forms of authentication (such as a passphrase) may be needed to prevent identity impersonation.
-------
Some code is needed to set the connected state to True on libs.friends.Friend upon handshake completion because the handshake will be handled within the Friend instance.
--Aj00200
Work Items
Dependency tree
* Blueprints in grey have been implemented.
