[noise] Proposal: certificate and private key format

Trevor Perrin trevp at trevp.net
Wed Apr 20 11:33:59 PDT 2016

On Wed, Apr 20, 2016 at 4:11 AM, Rhys Weatherley
<rhys.weatherley at gmail.com> wrote:
> The Noise protocol's API specifies the use of bare public and private keys
> for arguments.  While literally anything can be done with bare keys, they
> are likely to be unwieldy in practice for applications to manage.
> A better application-facing API might include functions
> SetPrivateKeyFile(filename, passphrase) and
> SetRemoteCertificateFile(filename).
> So, here's an idea I've been drafting for a few days:
> http://rweather.github.io/noise-c/cert_key_format.html

I think you'll find applications vary in:

 - preferred encoding (JSON, XML, Protobufs, etc)

 - contents needed for any certificate - e.g. if a client is just
contacting a pinned service, your "certificate" might be nothing more
than a single signature from some offline key.  11 fields is probably
overkill for a lot of cases.

That said, it's cool to see work on infrastructure atop Noise, I would
just keep it clear in APIs and libraries that this is a separate /
additional layer atop the Noise framework.


More information about the Noise mailing list