Scalable-2024 / bobb-protocol


Create public and private key satellite #10

Closed NielsMooren closed 1 week ago

NielsMooren commented 2 weeks ago

The satellite should create a public and private key on startup.

Please do some research on running the encrypt data function on the Raspberry Pi. Check RSA and ed25519 encryption and see which one is better with a specific key length, such as 256, 512, etc.

haridevelops28 commented 1 week ago

For data encryption and decryption on the Raspberry Pi, especially when sending encrypted content, the best approach would involve a combination of algorithms optimized for both security and performance. Here’s a breakdown of the options and a recommendation for your setup:

  1. RSA Encryption

    • Key Lengths and Security: RSA is often used for encryption at key lengths of 2048 or 4096 bits. A 2048-bit key provides good security, though 4096 bits is recommended for increased security.
    • Performance: RSA encryption and decryption are slower, especially with larger keys, which may strain the Raspberry Pi’s limited processing power. Decryption, in particular, can be sluggish on smaller devices, impacting performance.
    • Usage: RSA is ideal for encrypting small pieces of data, like symmetric keys (e.g., AES keys), rather than large data blocks.

  2. Ed25519 (Elliptic Curve Cryptography)

    • Key Lengths and Security: Ed25519 provides high security at a fixed 256-bit key size. Despite its smaller key size, it’s as secure as RSA with much larger keys because of the strength of elliptic curve cryptography.
    • Performance: Ed25519 is highly efficient for digital signatures (authentication) but is not designed for direct data encryption and decryption. If encryption is needed, use X25519 for key exchange in combination with symmetric encryption.
    • Usage: For encryption, Ed25519 should be combined with a symmetric encryption algorithm for actual data encryption, rather than relying solely on Ed25519 for the encryption itself.

  3. Best Approach: Hybrid System with X25519 and AES

    • Hybrid Cryptosystem: A combination of X25519 (Elliptic Curve Diffie-Hellman for key exchange) and a symmetric algorithm like AES (Advanced Encryption Standard) is often the best solution:
      • X25519 is used for exchanging a session key securely between two devices, ensuring that only the sender and receiver can derive the shared key.
      • AES then uses this session key to encrypt and decrypt the data. AES-128 or AES-256 is efficient on a Raspberry Pi and provides robust encryption for data.
    • Performance and Compatibility: This setup is well-suited to the Raspberry Pi, balancing security with manageable performance impact. AES is computationally efficient, especially on smaller devices like the Pi, and X25519 provides secure key exchange.

Recommended Workflow for Your Use Case:

1.  Key Exchange: Use X25519 to securely exchange a symmetric AES key between the satellite and base station.
2.  Data Encryption/Decryption: Encrypt data on the sender’s end with AES (using the exchanged key) and decrypt it on the receiver’s end.

Why This Approach?

•   Efficiency: AES encryption and decryption are fast on low-powered devices like the Raspberry Pi, making it suitable for real-time communication.
•   Security: X25519 ensures that only the intended recipient can derive the AES key, maintaining confidentiality.
•   Scalability: This hybrid approach is widely supported and considered a best practice for scenarios requiring secure data transfer over potentially constrained networks.

Sources:

  1. Comparison of RSA and Elliptic Curve Cryptography:
     • Article by the National Institute of Standards and Technology (NIST): “Recommendations for Key Management — Part 1: General.” NIST provides guidance on key lengths and algorithm performance, explaining why elliptic curve cryptography (ECC) can offer equivalent security to RSA at much shorter key lengths.
     • Link: NIST SP 800-57
  2. Ed25519 vs. RSA and ECC Usage:
     • “Ed25519 vs. RSA: How They Stack Up in Security and Performance” - an overview of Ed25519’s efficiency in signing and verification versus RSA, especially for resource-limited environments like IoT devices and Raspberry Pi.
     • Link: InfoSec Insights on ECC
  3. X25519 for Key Exchange:
     • Blog post by Filippo Valsorda on “Using Ed25519 for Encryption” provides insights on using X25519 specifically for encryption key exchange scenarios, as Ed25519 alone is not designed for data encryption.
     • Link: Using Ed25519 for Encryption
  4. AES Performance on Raspberry Pi:
     • “Efficient Symmetric Key Encryption for IoT Devices” discusses how AES performs well on low-power devices, noting that AES can be efficiently implemented on Raspberry Pi and similar devices.
     • Link: AES on Low-Power Devices
  5. Practical Cryptography with X25519 and AES:
     • Article on Cryptography StackExchange detailing the best practices for combining X25519 with AES for data encryption, focusing on secure and efficient data exchange.
     • Link: Cryptography StackExchange on X25519 and AES
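The two-step workflow recommended in the comment above (X25519 key exchange, then AES on the data), written out end to end as an added example that is not part of this issue or of the bobb-protocol code. It uses only Go's standard library (crypto/ecdh needs Go 1.20 or later) and a deliberately minimal one-block HKDF-SHA256 instead of a full HKDF implementation; Party, RoundTrip, the context label, the header string and the telemetry message are all constructed for the example and are not names from the project. Both endpoints generate their key pair at startup, exchange only public keys, and derive the same AES-256 key; AES-GCM is used rather than bare AES so that a tampered message is rejected instead of decrypting to garbage.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Party is one endpoint (satellite or base station) holding the X25519 key
// pair it generates at startup. Constructed name, not from bobb-protocol.
type Party struct{ priv *ecdh.PrivateKey }

// NewParty generates a fresh X25519 key pair.
func NewParty() (*Party, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	return &Party{priv: priv}, err
}

// PublicBytes is the 32-byte public key sent to the peer in the clear.
func (p *Party) PublicBytes() []byte { return p.priv.PublicKey().Bytes() }

// SessionKey runs X25519 against the peer's public key and derives a 256-bit
// AES key with a one-block HKDF-SHA256 (extract, then expand under a context
// label), so the raw shared secret is never used directly as a key.
func (p *Party) SessionKey(peerPub []byte, label string) ([]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return nil, err
	}
	shared, err := p.priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	extract := hmac.New(sha256.New, nil) // HKDF-Extract, empty salt
	extract.Write(shared)
	expand := hmac.New(sha256.New, extract.Sum(nil)) // HKDF-Expand, block 1
	expand.Write([]byte(label))
	expand.Write([]byte{0x01})
	return expand.Sum(nil), nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts with AES-256-GCM and prepends the random 12-byte nonce; aad
// (e.g. a routing header) is authenticated but travels in the clear.
func Seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Open splits off the nonce and decrypts; any change to nonce, ciphertext,
// tag or aad fails authentication and returns an error, never garbage.
func Open(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed message shorter than nonce")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

// RoundTrip is the whole workflow: both sides generate keys, swap public keys,
// derive the same AES key, the satellite seals msg and the base station opens it.
func RoundTrip(msg string) (string, error) {
	sat, err1 := NewParty()
	base, err2 := NewParty()
	if err := errors.Join(err1, err2); err != nil {
		return "", err
	}
	const label = "bobb telemetry v1" // constructed context label
	kSat, err1 := sat.SessionKey(base.PublicBytes(), label)
	kBase, err2 := base.SessionKey(sat.PublicBytes(), label)
	if err := errors.Join(err1, err2); err != nil || !hmac.Equal(kSat, kBase) {
		return "", errors.New("key agreement failed")
	}
	aad := []byte("sat-01->base") // constructed header, authenticated in the clear
	sealed, err := Seal(kSat, []byte(msg), aad)
	if err != nil {
		return "", err
	}
	pt, err := Open(kBase, sealed, aad)
	return string(pt), err
}

func main() {
	fmt.Println(RoundTrip("alt=408km temp=21.5C"))
}
```

In a real deployment the public keys would be pinned or authenticated (for example by having the base station's key baked into the satellite image), since raw X25519 on its own does not tell the satellite who it is talking to; the context label and header are what stop a key or message for one purpose being replayed for another.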