Open UnveilTech opened 1 week ago
That is an idea that I already had in my mind. (See: https://github.com/utoni/nDPId/milestone/3) I wanted to encrypt the nDPIsrvd connections to its distributor clients. But doing this within nDPId UDP send is also something I'll consider, as it should be easier to implement as kinda "first crypto support".
Excellent! We'll be happy to test it as soon as it's available...
bye Fred
Toni, but we think that our proposal is a bit different from what you mean with the milestone 1.8, or maybe we're wrong here ;o) The idea is that nDPId sends encrypted JSON to another daemon (ex: ncat, socat, personal tool, etc...)
bye Fred
The idea is a bit similar insofar as it's the same JSON messages which are getting encrypted, but by a different application.
I'll probably start with the nDPId UDP encryption, as this might be easier to achieve and may also be reused for other applications such as nDPIsrvd.
You rock, man!!! We would be happy to test it 👍
bye Fred
Hi Toni, we've tested the OpenSSL part to encrypt the JSON: x.zip
We have tested the process and it works fine... so if you could add that to your source code, it would be cool :o)
bye Fred
Hi Fred,
thanks for your proposal. Is there any reason why you've used aes256-cbc and not an AEAD, i.e. aes256-gcm?
Toni, that's the source from Mistral (French AI, https://mistral.ai/) that we have modified a bit. We don't care if it's CBC or GCM, use the mode you think is the best... The only point we care about is that it must be Go language compatible: we use Go for our receiver daemon (nDPId -> Go daemon). Anyway, CBC or GCM or etc..., I think we should find the way with Go :o)
bye Fred
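The AEAD option raised in this exchange, sketched for a Go receiver (an added example, not code from this thread or from nDPId). The datagram layout `nonce || ciphertext || tag`, the function names and the key handling are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// NewAEAD builds AES-256-GCM once per key (hypothetical helper, not nDPId API).
func NewAEAD(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 needs a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealDatagram encrypts one JSON message for one UDP datagram.
// Assumed layout: 12-byte random nonce || ciphertext || 16-byte tag.
func SealDatagram(aead cipher.AEAD, jsonMsg []byte) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, jsonMsg, nil), nil // appends ct+tag to nonce
}

// OpenDatagram is the receiver side; short or modified datagrams are rejected.
func OpenDatagram(aead cipher.AEAD, dgram []byte) ([]byte, error) {
	n := aead.NonceSize()
	if len(dgram) < n+aead.Overhead() {
		return nil, errors.New("datagram too short")
	}
	return aead.Open(nil, dgram[:n], dgram[n:], nil) // error if any byte changed
}

func main() {
	aead, _ := NewAEAD(make([]byte, 32)) // constructed all-zero demo key
	dgram, _ := SealDatagram(aead, []byte(`{"event":"example","id":1}`)) // constructed sample
	dgram[20] ^= 0x01 // one ciphertext bit flipped in transit
	_, err := OpenDatagram(aead, dgram)
	fmt.Println("tampered datagram rejected:", err != nil)
}
```

With CBC alone the flipped bit would decrypt to altered plaintext without any error; GCM's tag check is what makes the receiver drop it. Random 96-bit nonces require rotating the key well before 2^32 datagrams, and this sketch does not detect replayed datagrams.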
Hi Toni, another suggestion is to encrypt the JSON sent to the sock/UDP client.
architecture: nDPId -> internet -> client (sock/UDP)
issue:
the JSON is clear text and could be intercepted by anyone
the JSON part contains important data that cannot be visible to all
solution/proposal:
encrypt with openssl (ex: cipher method AES-128-CTR) using a special encryption text
the encrypted JSON must be decrypted by the client (sock/UDP) using C, Go, PHP, etc...
ndpid.conf: passkey="blablabla..." # take care: the value should be double quoted because spaces could be allowed
'passkey' or whatever you think it'll be the best way
argument (ex: -P "blablabla...") also in the command line
What do you think?
bye Fred