implement signature support for get/put data #3

thomasdelaet · 2016-07-10T07:21:18Z

If I put a value, it should be signed with my own public key. If we enable encryption on the transport protocol of KAD, other hosts can reject all values that are being PUT from a connection that doesnt match the signature of the value that is being PUT. In addition: - If the key is the public Key itself, we can also reject any signature that doesnt match the public key (only relevant for publishing connectionInfo, not for lookup of email addresses).

probably makes sense to include nonce

thomasdelaet · 2016-09-03T12:47:48Z

Assume that a PUT contains key => value mapping where value is a dictionary with the following keys:

payload: actual data
nonce: expiration time
signature: elliptic curve signature
signID: public key of signer

When you do a get and have a result returned you verify:

that signature is valid
that expiration time is not yet reached
potentially using access control list you can check boxId by conerting signId to boxID

thomasdelaet added enhancement security labels Aug 27, 2016

thomasdelaet added this to the v1 milestone Aug 27, 2016

thomasdelaet removed this from the v1 milestone Sep 3, 2016

thomasdelaet changed the title ~~implement encryption support~~ implement signature support for get/put data Sep 3, 2016

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

implement signature support for get/put data #3

implement signature support for get/put data #3

thomasdelaet commented Jul 10, 2016

thomasdelaet commented Sep 3, 2016

implement signature support for get/put data #3

implement signature support for get/put data #3

Comments

thomasdelaet commented Jul 10, 2016

thomasdelaet commented Sep 3, 2016