ipetr0v
commented
1 year ago cc @tiziano88 @conradgrobler @sidtelang
Open ipetr0v opened 1 year ago
ipetr0v
commented
1 year ago cc @tiziano88 @conradgrobler @sidtelang
ipetr0v
commented
1 year ago Also the default-features include x25519-dalek, which we would want to remove from our codebase: https://github.com/rozbb/rust-hpke/blob/b53f23ca707efe78051dec5330dd18e6007e2384/Cargo.toml#L17-L18
We probably need to split p256 into a separate feature, so we won't have to rely on the default-features.
ipetr0v
commented
11 months ago Another contribution that we could make is to allow serialization for the Context objects.
We cannot share private keys with the enclave application and only want to share session keys/contexts. But it would require sending them iver gRPC.
There is an existing implementation of the RFC 9180 Hybrid Public Key Encryption in Rust: https://crates.io/crates/hpke
But this implementation lacks the bidirectional encryption, which is explained in the RFC but in the Security Considerations section - so it's technically not a part of the protocol.
We need bidirectional encryption for our remote attestation use-cases - so we need to think about contributing to this crate, and making it work with bidirectional encryption.