consistent pcp/pbp formats (was: Curve p25519 Replacements for GnuPG?(x2 now) ..)

Thomas von Dein tom at vondein.org
Tue Jan 21 02:10:57 PST 2014


Yuriy,

On Tue, Jan 21, 2014 at 01:32:23PM +0400, Yuriy Kaminskiy wrote:
> Correct format should be:
>   6[1]|temp_keypair.pubkey|len(recipients)[4]|(recipients...)|(secretboxes...)

Let me recap to see if I really got it right:

The sender does:
- generate a random single-use keypair
- generate a random secretbox key
- secretbox the message 32k-wise with the former
- box that key for each recipient
- put into the output the cipher, the recipient stuff
  and the public key part of the random single-use keypair

Is that right?

So, in order to communicate with someone, only user A has to publish her
public key. User B takes it, box()es a message for her, puts his
(random) pk into it and sends it. A then uses the public key included in
the message plus her own secret key, decrypts the message and drops B's
public key afterwards.

Because usually, with curve25519, both A and B had to exchange their
public keys in advance to be able to communicate. The scheme above makes
it a lot easier for users, but is it sufficient security-wise?



best,
Tom
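
The layout quoted at the top of this message, read by a strict parser that checks the recipient count before trusting it. This is an added example, not code from pcp/pbp or from either poster; the big-endian count, the 72-byte recipient entry (24-byte nonce plus boxed 32-byte key with 16-byte authenticator) and the `MAX_RECIPIENTS` limit are assumptions the thread does not state.

```python
import struct

# Layout quoted in the thread:
#   6[1] | temp_keypair.pubkey | len(recipients)[4] | (recipients...) | (secretboxes...)
TYPE_ASYM = 6          # type byte from the quoted layout
PUBKEY_LEN = 32        # a Curve25519 public key is 32 bytes
# Assumptions (not stated in the thread): the count is big-endian, and each
# recipient entry is a 24-byte nonce followed by the 32-byte secretbox key
# boxed with a 16-byte authenticator, 72 bytes in total.
RECIPIENT_LEN = 24 + 32 + 16
MAX_RECIPIENTS = 1024  # hypothetical policy limit, not from the thread


class FormatError(ValueError):
    """Raised when the input does not match the expected layout."""


def parse_header(blob: bytes):
    """Return (ephemeral_pubkey, recipient_entries, secretbox_bytes)."""
    fixed = 1 + PUBKEY_LEN + 4
    if len(blob) < fixed:
        raise FormatError("truncated header")
    if blob[0] != TYPE_ASYM:
        raise FormatError("unexpected type byte %d" % blob[0])
    pubkey = blob[1:1 + PUBKEY_LEN]
    (count,) = struct.unpack(">I", blob[1 + PUBKEY_LEN:fixed])
    # The count comes from the sender: bound it before computing offsets.
    if count == 0 or count > MAX_RECIPIENTS:
        raise FormatError("recipient count %d out of range" % count)
    end = fixed + count * RECIPIENT_LEN
    if end > len(blob):
        raise FormatError("recipient list runs past end of input")
    entries = [blob[o:o + RECIPIENT_LEN]
               for o in range(fixed, end, RECIPIENT_LEN)]
    return pubkey, entries, blob[end:]


def build_sample(count: int, body: bytes = b"\xcc" * 48) -> bytes:
    """Constructed sample input: filler bytes, not real ciphertext."""
    out = bytes([TYPE_ASYM]) + b"\xaa" * PUBKEY_LEN + struct.pack(">I", count)
    for i in range(count):
        out += bytes([i]) * RECIPIENT_LEN
    return out + body
```
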
