After some more work and cleanup, I’ve published my source code at
https://github.com/snej/secret-handshake-capnp
<https://github.com/snej/secret-handshake-capnp>
Suggestions and fixes gratefully accepted, especially since much of the code is
taken from Cap’n Proto itself and was “adapted for radio by putting it on a
board and banging a few nails through it”, as Monty Python put it.
Here’s the gist of the README:
SecretHandshake For Cap’n Proto
C++ implementation of the SecretHandshake
<https://github.com/auditdrivencrypto/secret-handshake> protocol for the
awesome Cap’n Proto <https://capnproto.org/> RPC library. This lets you upgrade
your network connections with encryption and mutual authentication, without all
the overhead of OpenSSL.
(You don’t actually need Cap’n Proto to use this, but if so you’ll need to
provide your own networking code.)
<https://github.com/snej/secret-handshake-capnp#about-secrethandshake>About
SecretHandshake
SecretHandshake is “a mutually authenticating key agreement handshake, with
forward secure identity metadata.” It was designed by Dominic Tarr and is used
in the Secure Scuttlebutt P2P social network.
It’s based on 256-bit elliptic Ed25519 key-pairs. The peers each maintain a
long-term key pair, whose public key serves as a global identifier. The peer
making the connection (“client”) must know the public key of the other peer
(“server”) to be able to connect, and the server learns the client’s public key
during the handshake. Each peer receives proof that the other has the matching
private key. Much more detail is available in the design paper
<http://dominictarr.github.io/secret-handshake-paper/shs.pdf>.
The handshake also produces two session keys, which are then used to encrypt
the channel with the 256-bit symmetric XSalsa20 cipher. (This is not strictly
speaking part of the SecretHandshake protocol, which ends after key agreement.
Scuttlebutt uses a different encryption scheme based on libSodium’s “secret
box”.)
--
You received this message because you are subscribed to the Google Groups
"Cap'n Proto" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to capnproto+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/capnproto/8C607A75-64AC-4E6D-A80D-5C0877B7656F%40mooseyard.com.
