by e12e 2206 days ago
> Knowing only each other's public keys

Do you even need a "protocol" if the clients trust each other?

Client A generates a random key, maybe a nonce - and a session ID - then encrypts that with B's public key, signs with A's private key - and sends that to B. Only B can decrypt the message, A and B now share a key.

Or maybe that is the protocol.

Anyway, if you know someone's public key and they know yours - you're already bootstrapped for a secure channel?

Ed: seeing the page, I see this is more a link to the API for libsodium, and that obviously makes sense - to have a standard implementation (and I guess this does some tricks for generating public/private session keys from long-lasting public keys?)