This seems as good a time as any to try to get some eyes on the encryption part
of Trsst. I've been soliciting feedback on this from the various crypto lists
as we're expanding our testing in the next day or so, but haven't yet gotten
any takers.
Background:
Trsst is a convention for using
Hi Michael. Some comments inline...
On Wed, Mar 19, 2014 at 9:01 AM, Michael Powers mich...@mpowers.net wrote:
For a private message, we generate a random 256-bit key and encrypt with
AES. Then for each recipient, we use a hash of the shared ECDH secret and
the message-id to encrypt the key
Thanks, Steve, for your quick response.
This is just the key exchange; not trying to sign or otherwise authenticate
here. The containing XML document is what gets signed via ECDSA as specified
by XML-SIG.
In this part, we're trying to distribute the same randomly-generated 256-bit
key to