Open BLR-0118 opened 2 years ago
Could we use a mixture of AES ad RSA .
For the next API call , Client generates a new key continue . @coreadmin
We need to use X25519 for key exchange as per the protocol. Also, for encryption, we're looking at AES-256, Curve25519, ChaCha20 as the only encryption algorithms. Any thoughts?
I think X25519 is the Diffie Hellman key exchange . My suggestion is to look from an implementer point of view . I think the requirement is integrity and confidentiality of data , not a specific key exchange protocol . Also how robust & friendly the mechanism will be to implement in browser and in app .
Hence I was suggesting a standard mechanism which could be implemented .
with thanks and regards Mahesh
On Mon, May 2, 2022 at 12:06 PM Supriyo Ghosh @.***> wrote:
We need to use X25519 for key exchange as per the protocol. Also, for encryption, we're looking at AES-256, Curve25519, ChaCha20 as the only encryption algorithms. Any thoughts?
— Reply to this email directly, view it on GitHub https://github.com/Open-network-for-digital-commerce/ONDC-Protocol-Specs/issues/24#issuecomment-1114542903, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACHGYNZ7PPUVZM4NNY2F4Y3VH5ZYXANCNFSM5SYB6G6Q . You are receiving this because you commented.Message ID: <Open-network-for-digital-commerce/ONDC-Protocol-Specs/issues/24/1114542903 @github.com>
Thanks for your suggestions!
One more query . Is the ONDC protocols same as beckn . Or different .
ONDC protocol is an adaptation of the Beckn protocol
Could we use a mixture of AES ad RSA .
1. Before making a call to server. , client generates a random AES key . 2. Then encrypts the elements . 3. Then encrypts the AES key with servers publickey 4. Send the encrypted data and encrypted key to server . 5. Server retrieves the AES key from encrypted key using its private key . 6. Server decrypts the content using retrieved AES key . 7. Then creates response message , 8. Encrypts response message using the AES key 9. and send to client 10. Client knows the AES key 11. And retrieves the message .
For the next API call , Client generates a new key continue .
Agreed. This suggestion is pretty standard and any banks use this for encrypting the payloads. Will be easy for folks to implement.
Define ONDC data encryption policy: