[Cryptography] Request For Usage Review
zane.thomas at protonmail.com
Mon Jul 27 17:10:44 EDT 2020

Would someone be so kind as to comment on my usage of cryptography in an
application I'm working on? It would be much appreciated and I'll owe you
a beer or satisfying beverage of your choice. :)

The application sends messages from one user to one or more other users.
Message recipients must be able to verify that the message is from the
alleged sender and must be able to read it. Messages will be accessible
publicly; not-intended recipients must not be able to read them. (1)

All cryptographic functions are provided by TweetNaCl.js (hereinafter nacl).

Below is what a message looks like, explanation follows.

//
// Version 1
//
// Recipients
// ed8d5061-bf7f-481a-a7e4-b7517ac0c53e
// JiKv6es1GLlsbh/W1KFQYSWhsI7CgjYn
// e173ZtIxksLAeAqpJgXslGp3uZaDHj02KxgPQaEUJCiH4wrWDNBfwpdr8zI2yLxn
// ea72e2a53-1b48-4861-b17d-40fd8453bfea
// CS9aCq12Q7S4vHeaH5L3SFOwvroX9CXt
// TwFk875v92bIVe12IhzXFoZu8LYAqKyhBpONYCEOovMq3+KXr7S4hXmh6WBRln
//
// Content
// 5YKDLW3BRo5znN1ReqCatE3WhWf4OMq5
// Wo/uU1/badQDLYEuAH6d+xlSV+i/KeCyKgYa6C4pzaj8YdxuEkZtALi8eAB+oQBv
// gCNztP15gV6w0otezjCwuYI+g0Fe8tMorZvvsxzQnpA7JztHLpQ=
//
// Signature
// 4IyI2L3EEXEG2nWw0bIWsJtyjH/ob6QjtUZKzbcZlAvV3aN4jgRnqYlVOvnhSu7/
// 1LASIDllHV1b1SYwvDbYDA==
//

Each message consists of four sections:

Version
    Just because it seems like a good idea.

Recipients
    A list of recipients, each consisting of three lines. The first line
    is the recipient's id. The second line is a nonce, provided by
    nacl.randomBytes(nacl.box.nonceLength). The third line is a secret key
    encrypted with nacl.box using the nonce and the recipient's public key.

Content
    The first line is a nonce. The following lines are the message which
    has been encrypted using nacl.secretbox(message,nonce,secret). The value
    of secret is nacl.box.keyPair().publicKey. (2) This is the key encrypted
    with each recipient's public key.

Signature
    The signature covers everything from the first line to the last line
    of Content inclusive, excluding the final line-terminator. The
    signature is generated by nacl.sign(message, secretKey) where secretKey
    is the sender's signing key.

Additional Information
    Each user, sender or receiver, has two key-pairs: one for encryption
    and the other for signing. These are generated by nacl.box.keyPair and
    nacl.sign.keyPair.

    Nonces are used only once.

    There is no "roll your own" encryption, hashing, or similar; nacl
    handles everything.

It occurred to me that someone could snip the signature off of a message
replacing it with another, thereby spoofing the creator. The encrypted
messages will at times be exposed to such tampering. While it is true that
only a spoofer known to the recipient could pull that off, the application
embeds the sender id in the content and verifies that the signer is actually
the sender.

Now that I've written this it all seems rather simple. But I've not done this
before, the decades are littered with almost-got-that-right encryption
and, well, littering is against the law, so if there is the slightest question,
comment, or suggestion, tia!

Zane

(1) A recipient who knows the sender's public key can verify the message
but cannot read it if not in the Recipients list.

(2) I created a shared key for the secretbox using nacl.box.keyPair().publicKey;
secretKey is not used.
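
The signer-equals-sender check described in the message, as an added example that is not the poster's code. Node's built-in crypto stands in for TweetNaCl (Ed25519 for nacl.sign, AES-256-GCM for nacl.secretbox); the signature covers only the Content section here, and the user ids, key table, JSON payload layout and function names are assumptions.

```javascript
// Added example, not the poster's code. Node's crypto is a stand-in for TweetNaCl.
const crypto = require('crypto');

// Constructed identities: id -> Ed25519 key pair. The recipient knows both public keys.
const users = {};
for (const id of ['alice', 'mallory']) users[id] = crypto.generateKeyPairSync('ed25519');

// Encrypt {sender, text} under the shared content key, then sign the ciphertext section.
function seal(senderId, text, contentKey, signingKey) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', contentKey, nonce);
  const body = Buffer.concat([c.update(JSON.stringify({ sender: senderId, text })), c.final()]);
  const content = Buffer.concat([nonce, c.getAuthTag(), body]);
  return { content, signature: crypto.sign(null, content, signingKey) };
}

// Replace the signature with one made by a different key; the ciphertext is untouched.
function resign(msg, signingKey) {
  return { content: msg.content, signature: crypto.sign(null, msg.content, signingKey) };
}

// Recipient side: find whose key verifies the signature, decrypt, then require that
// the sender id inside the ciphertext equals the id of the signer.
function openMessage(msg, contentKey) {
  const signer = Object.keys(users).find((id) =>
    crypto.verify(null, msg.content, users[id].publicKey, msg.signature));
  if (!signer) return { ok: false, reason: 'bad signature' };
  const d = crypto.createDecipheriv('aes-256-gcm', contentKey, msg.content.subarray(0, 12));
  d.setAuthTag(msg.content.subarray(12, 28));
  const plain = Buffer.concat([d.update(msg.content.subarray(28)), d.final()]);
  const { sender, text } = JSON.parse(plain.toString());
  if (sender !== signer) return { ok: false, reason: 'signer is not sender', signer, sender };
  return { ok: true, sender, text };
}

function demo() {
  const key = crypto.randomBytes(32); // content key, assumed already unwrapped by the recipient
  const original = seal('alice', 'hello', key, users.alice.privateKey);
  const swapped = resign(original, users.mallory.privateKey);
  return { original: openMessage(original, key), swapped: openMessage(swapped, key) };
}
console.log(demo());
```

The re-signed copy carries a valid signature from a key the recipient knows, so signature verification alone accepts it; only the comparison against the encrypted sender id rejects it.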