[noise] Proposal: certificate and private key format

Rhys Weatherley rhys.weatherley at gmail.com
Wed Apr 20 04:11:17 PDT 2016


The Noise protocol's API specifies the use of bare public and private keys
for arguments.  While literally anything can be done with bare keys, they
are likely to be unwieldy in practice for applications to manage.

A better application-facing API might include functions
SetPrivateKeyFile(filename, passphrase) and
SetRemoteCertificateFile(filename).

So, here's an idea I've been drafting for a few days:

http://rweather.github.io/noise-c/cert_key_format.html

I have no code implemented - the key values on that page are all fake.  But
hopefully it gets the idea across.  The purpose is to improve key
portability between implementations, but of course individual applications
might make other key management choices.

The current design is inspired by the original PEM and PGP formats.
Another approach I've thought about is something like the SSH key format.

Any thoughts?

Cheers,

Rhys.