search

RustCrypto / KEMs

Collection of Key Encapsulation Mechanisms written in pure Rust
31 stars 15 forks source link

Question regarding public key import. #78

Open ghostidentity opened 1 month ago

ghostidentity commented 1 month ago

First of all, thanks for providing ML-KEM library for rust. I'm checking documentation but I'm unable to find a resource on how to marshal encapsulation key (generated from keypair),.

What I want to achieve is that the c# application can initiate a key exchage and the server can return an encapsulation key to generate a sharedkey, in turn the server will consume the cipherText to create its own shared key.

I'm stuck on this challenge: in turn the server will consume the cipherText to create its own shared key.

   // assume the c# application already  receive the publickey and sharedkey, but the server has to consume the cipherText to generate its  own sharedkey
                let decoded_bytes = base64::engine::general_purpose::STANDARD
                    .decode(text.as_bytes())
                    .expect("Failed to decode Base64 private key");
                    const SIZE: usize = 128; 
                    let array: [u8; SIZE] = payload.as_ref().try_into().expect("Slice with incorrect length");
                    let encapsulation_key: EncapsulationKey<MlKem1024Params> = EncapsulationKey::<MlKem1024Params>::from_bytes(array);

                    // Retrieve the encoded ciphertext
                    let encoded_ciphertext = encapsulation_key.as_bytes();
                    let shared_key =dk.decapsulate(&encoded_ciphertext).unwrap();
                    println!("Shared Key: : {:?}", shared_key);

                    let encrypted_response = Bytes::from(shared_key);
                let _ = client.publish(reply_to, encrypted_response).await;

Is there a plan to easily export public keys to external system, so its easy to generate shared key.

ghostidentity commented 1 month ago

adding some errors: {A4B7FFC2-937C-44F8-850F-7FF3FFB519A0}

tarcieri commented 1 month ago

@ghostidentity you don't ever appear to be calling the EncapsulationKey::encapsulate method, which would actually generate an encapsulated key message. Instead you're doing this:

// Retrieve the encoded ciphertext
let encoded_ciphertext = encapsulation_key.as_bytes();

...but that's the serialization of the encapsulation key itself. You still need to actually use that key to encrypt a message.