
Missing Key Exchange Primitive

Open java-crypto opened this issue 6 years ago • 3 comments

Hi Team, I'm missing a key exchange primitive like DH or EC based on Curve25519.

As the keys, e.g. for encryption or digital signatures, are encapsulated within the KeyHandles, we cannot put the data from an (external) DH or EC key exchange inside the KeyHandles :-(

Kind regards, Michael

java-crypto avatar Dec 19 '18 14:12 java-crypto

@bleichen

We're aware of this issue, and are wondering how we should design the key exchange interface.

Daniel, could you please shed some light on what you think we should do here? Thanks.

thaidn avatar Jan 10 '19 15:01 thaidn

I think there are two problems above. The first one is the key derivation, i.e. given a shared secret byte string, to derive a key for a given key format. This has use cases beyond just key exchange. There is extensive code in the previous library "keymaster", so at least some ideas from there can be reused. The second one is an API for a key exchange. I'd probably start with an API for an authenticated or signed key exchange with key confirmation. I haven't done any literature search so far, so I don't know what standards are available.

bleichen avatar Jan 10 '19 16:01 bleichen
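
The two pieces named in the comment above (deriving a key of a given format from a shared secret, and key confirmation), as an added example that is not part of the original thread and not Tink code. It uses only JDK classes (X25519 needs Java 11 or later); the class name, the `example/...` info labels and the choice of HKDF-SHA256 are assumptions, and authenticating the exchanged public keys (for instance by signing them) is left out.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.KeyAgreement;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class KeyExchangeSketch {
    static byte[] hmac(byte[] key, byte[]... parts) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        for (byte[] p : parts) mac.update(p);
        return mac.doFinal();
    }
    // HKDF-SHA256 (RFC 5869): extract a PRK, then expand it to len bytes (len <= 255 * 32).
    static byte[] hkdf(byte[] salt, byte[] ikm, String info, int len) throws GeneralSecurityException {
        byte[] prk = hmac(salt, ikm);
        byte[] okm = new byte[len];
        byte[] t = new byte[0];
        for (int pos = 0, i = 1; pos < len; i++) {
            t = hmac(prk, t, info.getBytes(StandardCharsets.UTF_8), new byte[] {(byte) i});
            int n = Math.min(t.length, len - pos);
            System.arraycopy(t, 0, okm, pos, n);
            pos += n;
        }
        return okm;
    }
    // One side of the exchange: own private key plus the peer's public key.
    static byte[] agree(PrivateKey mine, PublicKey theirs) throws GeneralSecurityException {
        KeyAgreement ka = KeyAgreement.getInstance("X25519");
        ka.init(mine);
        ka.doPhase(theirs, true);
        return ka.generateSecret();
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("X25519");
        KeyPair a = kpg.generateKeyPair(), b = kpg.generateKeyPair();
        byte[] salt = new byte[32]; // RFC 5869 default salt: HashLen zero bytes
        byte[] pubA = a.getPublic().getEncoded(), pubB = b.getPublic().getEncoded();
        byte[] secretA = agree(a.getPrivate(), b.getPublic());
        byte[] secretB = agree(b.getPrivate(), a.getPublic());
        // The info label binds each output to one key format (labels are constructed).
        byte[] aesKeyA = hkdf(salt, secretA, "example/aes128-gcm", 16);
        byte[] aesKeyB = hkdf(salt, secretB, "example/aes128-gcm", 16);
        // Key confirmation: a MAC over both public keys under a separately derived key.
        // Both sides are computed locally here; in a protocol each side sends its tag.
        byte[] tagA = hmac(hkdf(salt, secretA, "example/confirm", 32), pubA, pubB);
        byte[] tagB = hmac(hkdf(salt, secretB, "example/confirm", 32), pubA, pubB);
        System.out.println("confirmed: " + MessageDigest.isEqual(tagA, tagB)
            + ", same AES key: " + MessageDigest.isEqual(aesKeyA, aesKeyB));
    }
}
```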

Happy new year and thanks to both of you. Is there any timeline for completion? Kind regards, Michael

java-crypto avatar Jan 12 '19 18:01 java-crypto

This is a reasonable request, but it has been open for more than 4 years and it is clear that we will not get to this any time soon.

tholenst avatar Jan 26 '23 16:01 tholenst