Do you even need a "protocol" if the clients trust each other?
Client A generates a random key, maybe a nonce - and a session ID - then encrypts that with B's public key, signs with A's private key - and sends that to B. Only B can decrypt the message, A and B now share a key.
Or maybe that is the protocol.
Anyway, if you know someone's public key and they know yours - you're already bootstrapped for a secure channel?
Ed: Seeing the page, I see this is more a link to the API for libsodium, and that obviously makes sense - to have a standard implementation (and I guess this does some tricks for generating public/private session keys from long-lasting public keys?).
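The exchange sketched in the comment above, as an added example that is not the commenter's code or libsodium's API. It uses Node's built-in `crypto` module; the choice of RSA-OAEP for encryption and Ed25519 for signing, the names `aSend`, `bReceive` and `signedBytes`, and the key pairs are all assumptions constructed for illustration. It shows the checks B needs before accepting the key: known signer, intended recipient, sender name bound inside the ciphertext, and a replay cache on the session ID.

```javascript
const crypto = require('node:crypto');

// Constructed long-term keys: Ed25519 for A's signatures, RSA for encrypting to B.
const aSign = crypto.generateKeyPairSync('ed25519');
const bEnc = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Bytes covered by the signature: both identities, session ID and ciphertext.
function signedBytes(from, to, sessionId, wrapped) {
  return Buffer.from(JSON.stringify(
    [from, to, sessionId.toString('hex'), wrapped.toString('base64')]));
}

// A: fresh session key, encrypted to B with A's name inside, then signed by A.
function aSend(from, to, recipientPub, senderPriv) {
  const sessionKey = crypto.randomBytes(32);
  const sessionId = crypto.randomBytes(16);
  const inner = Buffer.concat([sessionKey, Buffer.from(from, 'utf8')]);
  const wrapped = crypto.publicEncrypt({ key: recipientPub, ...OAEP }, inner);
  const sig = crypto.sign(null, signedBytes(from, to, sessionId, wrapped), senderPriv);
  return { msg: { from, to, sessionId, wrapped, sig }, sessionKey };
}

// B: returns the 32-byte session key, or null if any check fails.
// knownSenders is a Map of sender name -> public key; seenIds is a Set.
function bReceive(msg, myId, myPriv, knownSenders, seenIds) {
  const senderPub = knownSenders.get(msg.from);
  if (!senderPub || msg.to !== myId) return null;       // unknown signer / not for us
  const data = signedBytes(msg.from, msg.to, msg.sessionId, msg.wrapped);
  if (!crypto.verify(null, data, senderPub, msg.sig)) return null;
  const sid = msg.sessionId.toString('hex');
  if (seenIds.has(sid)) return null;                    // replayed message
  let inner;
  try {
    inner = crypto.privateDecrypt({ key: myPriv, ...OAEP }, msg.wrapped);
  } catch (e) {
    return null;                                        // not encrypted to our key
  }
  // The name inside the ciphertext must match the signer.
  if (inner.length <= 32 || inner.subarray(32).toString('utf8') !== msg.from) return null;
  seenIds.add(sid);
  return inner.subarray(0, 32);
}
```

Because the session key is encrypted directly to B's long-term key, this construction has no forward secrecy: anyone who later obtains B's private key can decrypt recorded messages.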