signcryption

package module

v0.0.0-...-1b2fa07 Latest Latest Go to latest Published: Jun 6, 2018 License: MIT Imports: 7 Imported by: 2

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/DavidHuie/signcryption

Links

Open Source Insights

README ¶

signcryption

A collection of signcryption algorithms and protocols for Go based around the AAI signcryption scheme.

Algorithms

Ahmad-Afzal-Iqbal (AAI)

Ahmad-Afzal-Iqbal signcryption is an elliptic curve signcryption scheme designed for firewalls. AAI provides signatures that can be publically verified without revealing the contents of the ciphertext. In contrast, most signcryption schemes provide signature verification as part of the decryption process and not as a separate process.

AAI signcryption provides the following features in unison:

confidentiality
message integrity
signature unforgeability
non-repudiation
public verification
ciphertext-only authentication
forward secrecy

This version of AAI is implemented with the elliptic curves P256 & P521, AES counter mode encryption, and SHA-256 for generating keys.

Protocols

Signcrypted Transport Layer (STL)

A transport layer similar to TLS that uses AAI signcryption. Used plainly, STL offers the same guarantees as TLS with client authentication. However, STL also includes support for a "relayer," which is untrusted, third party proxy that can sit in between a client-server connection, cryptographically verifying the origin and destination of each traffic segment. A relayer can provide NAT traversal, firewalling, and other services.

Documentation ¶

Index ¶

Variables
type Certificate
- func GenerateCertificate(rand io.Reader) (*Certificate, error)
- func UnmarshalCertificate(b []byte) (*Certificate, error)

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// StandardCurve is the curve we use for all elliptic curve
	// operations.
	StandardCurve = elliptic.P256()
)

Functions ¶

This section is empty.

Types ¶

type Certificate ¶

type Certificate struct {
	ID                   []byte
	EncryptionPrivateKey *ecdsa.PrivateKey
	EncryptionPublicKey  *ecdsa.PublicKey
	HandshakePrivateKey  *ecdsa.PrivateKey
	HandshakePublicKey   *ecdsa.PublicKey
}

Certificate describes the information that identifies each unique user of STL. Certificates should be validated externally.

func GenerateCertificate ¶

func GenerateCertificate(rand io.Reader) (*Certificate, error)

GenerateCertificate generates a random certificate. The certificate still needs an ID field which should be produced by an external entity.

func UnmarshalCertificate ¶

func UnmarshalCertificate(b []byte) (*Certificate, error)

UnmarshalCertificate parses out a certificate from a slice of bytes.

func (*Certificate) Equal ¶

func (c *Certificate) Equal(c2 *Certificate) bool

Equal checks whether two certificates are equal. Equal only checks public key parameters.

func (*Certificate) Marshal ¶

func (c *Certificate) Marshal() ([]byte, error)

Marshal marshals a certificate into bytes.

func (*Certificate) Validate ¶

func (c *Certificate) Validate() error

Validate validates a certificate

Source Files ¶

View all Source files

certificate.go

Directories ¶

Path	Synopsis
aai
stl

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL