cloudflare / circl

CIRCL: Cloudflare Interoperable Reusable Cryptographic Library
http://blog.cloudflare.com/introducing-circl

[oprf] Publicize oprf.Server.PrivateKey #313

Closed afjoseph closed 2 years ago

afjoseph commented 2 years ago

Hey. Thanks for the fantastic repo!

This change is minimal and there might be an API I missed that does exactly this, so please let me know if I missed it.

This change allows protocols like OPAQUE to serialize and save the private key of a server, so an oprf.Server instance can be recreated easily at a later step.

More concretely in OPAQUE, the password registration step requires a new kU parameter - which is the oprf.Server's private key, created here in oprf.NewServer() - to be saved in the last step of the password registration procedure, and later retrieved during password authentication. This can be done after this PR by using the same saved private key inside oprf.NewServer.

Cheers and many thanks. Lemme know if a more graceful solution is required (i.e., exposing an oprf.Server.[De]SerializeKey function)

armfazh commented 2 years ago

There's another way to proceed without exposing the field.

  1. Create a private key calling either GenerateKey or DeriveKey. This will return a PrivateKey object.
  2. The private key can be stored using the serialization methods provided.
  3. The private key can be used for creating a new Server calling either NewServer or NewVerifiableServer.

Let me know if this fulfills your use case.
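The three steps above, sketched as an added example that is not part of this thread or of CIRCL's code: Go's standard `crypto/ecdh` stands in for the oprf key type so the block runs without dependencies. The local `Server`, `NewServer`, `RestoreServer` and `RoundTrip` are hypothetical names, and raw ECDH is an assumed stand-in for the OPRF evaluation.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/rand"
	"fmt"
)

// Server is a hypothetical stand-in for oprf.Server; the key stays unexported.
type Server struct{ key *ecdh.PrivateKey }

// NewServer mirrors step 3: a server is only ever built from a key object.
func NewServer(key *ecdh.PrivateKey) *Server { return &Server{key: key} }

// Evaluate multiplies the client's element by the server key (raw ECDH here,
// an assumption standing in for the OPRF evaluation).
func (s *Server) Evaluate(el *ecdh.PublicKey) ([]byte, error) { return s.key.ECDH(el) }

// RestoreServer rebuilds a server from stored bytes. NewPrivateKey rejects
// wrong-length, zero and out-of-range scalars, so a corrupt record fails here.
func RestoreServer(stored []byte) (*Server, error) {
	key, err := ecdh.P256().NewPrivateKey(stored)
	if err != nil {
		return nil, fmt.Errorf("stored key rejected: %w", err)
	}
	return NewServer(key), nil
}

// RoundTrip runs steps 1-3 and reports whether the restored server evaluates
// a constructed client element exactly as the original server does.
func RoundTrip() (bool, error) {
	key, err := ecdh.P256().GenerateKey(rand.Reader) // step 1: generate
	if err != nil {
		return false, err
	}
	restored, err := RestoreServer(key.Bytes()) // steps 2 and 3
	if err != nil {
		return false, err
	}
	client, err := ecdh.P256().GenerateKey(rand.Reader) // constructed input
	if err != nil {
		return false, err
	}
	a, errA := NewServer(key).Evaluate(client.PublicKey())
	b, errB := restored.Evaluate(client.PublicKey())
	return errA == nil && errB == nil && bytes.Equal(a, b), nil
}

func main() { fmt.Println(RoundTrip()) }
```

The serialized bytes are the long-term secret itself, so whatever stores them needs the same protection as any other private key.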

afjoseph commented 2 years ago

Hey @armfazh. Thank you for your reply. Your solution suffices and works perfectly. Closing this ticket :)