842Mono
commented
6 years ago libsodium offers many ways to do encryption. We can do symmetric encryption (without signing) using the XChaCha20 stream cipher.
For doing symmetric key with signing we can use "XChaCha20-Poly1305-IETF". It encrypts the message using a secret key, and also makes a "tag" to verify the message. The tag is is sent along with the message (attached to it) and it is used to verify the data automatically. Here's an example gist. Is there a need to do XChaCha20 without the tag?
currently jiff uses "crypto_box_easy". This does public key encryption and computes a tag (so it's signed). If we need to also add the option of using public keys without verification we can use the same function's detached mode ("crypto_box_detached") and just ignore the tag. Do we need to do that?
The configuration should be provided by the server? It can be specified in the options object. Example:
require('../../lib/jiff-server').make_jiff(http, {logs:true, encryption:'SymmetricKey'})
Use public key infrastructure to share symmetric keys between pairs of processes. Messages send there on forward gets encrypted with the symmetric key and signed with the secret key. Public keys are still used to check signature.
Should be configurable: (1) no encryption used (2) Pkey without signing (3) Pkey with signing (4) Symm without signing (5) Symm with signing