Closed danthegoodman1 closed 1 month ago
Some quick untested LLM generated code:
Seems like the entire process is different, needing a key exchange or private key of sorts. Maybe the LLMs are not explaining well.
It looks like you need the encrypter's private key and the decrypter's public key. If we don't ever need the encrypter's keys again to decrypt, we can just generate ephemeral keypairs at encryption time.
But it does look like you need some shared secret to do the decryption, and you need the original private key to generate the shared secret to be able to decrypt it, and to get that you need the original "ephemeral key pair" that was used to get the shared secret again.
I probably lack understanding of the process but it seems to have an extra step that defeats the purpose of this encryption because we use RSA to encrypt globally shared secrets. We'd have to have a "system keypair" which defeats the purpose.
Or could do every keypair combo, but that would convert having n
shared secret values to n*(n-1)/2
secret values which isn't terrible but it's a lot of work for someone who can simply just generate an RSA key and stick it in their github and ~/.ssh folder
Closing as not planned for now
Can't use ed25519 to encrypt, so would have to convert ot X25519. Still store the original ed25519 key.