[noise] certificate chains

Arvid Picciani aep at exys.org
Sat Jun 30 23:56:47 PDT 2018


In my case the user's identity equals the Ed public key (WireGuard-style
routing), so the only way would be option 2.

Since then both static keys need to be generated on the fly, is there any
difference between NN and XX?

It also looks like you actually can get an x25519 from an Ed.

https://download.libsodium.org/doc/advanced/ed25519-curve25519.html

It's just not available in the dalek lib I use, and the discussion on the
curves ML seems very involved, so I do wonder if this is actually safe.

On Sun, Jul 1, 2018, 00:58 Rhys Weatherley <rhys.weatherley at gmail.com>
wrote:

> On Sun, Jul 1, 2018 at 8:41 AM, Arvid Picciani <aep at exys.org> wrote:
>
>> Nice, Thanks.
>>
>> Unfortunately I can't figure out how to use XK, because Noise of
>> course uses x25519 not ed25519, so the public identities for DH don't
>> match the identities used for signing.
>> I found this thread from Trevor on signing using x25519
>> https://moderncrypto.org/mail-archive/curves/2014/000205.html  but
>> there's no conclusion.
>>
>
> The CA's signature on the certificate needs to use ed25519, but the
> subject's actual key would be x25519; i.e. "I the CA with signing key s
> warrant that DH key d belongs to the subject with name n".  The subject
> might also own other keys, including for signing other people's
> certificates.  Those may also be included in the certificate but don't
> matter for Noise session establishment.
>
> Another approach is two-level: the CA signs the user's identity
> certificate containing the user's ed25519 key, which the user themselves
> uses to issue a transport certificate with their DH key.  Both are included
> in the certificate chain.  This would make it easier for the user to rotate
> transport keys over time under the same long-term identity.
>
> Cheers,
>
> Rhys.
>
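The two-level chain described in the quoted reply (CA signs the Ed25519 identity, the identity key signs the X25519 transport key), as an added Go sketch that is not part of the original thread. The `Cert` layout, the `example-cert-v1` label and all function names are assumptions made for illustration, and all keys are generated on the spot as constructed sample data.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Cert is a hypothetical minimal certificate: role, subject key, issuer signature.
type Cert struct {
	Role         string // "identity" (Ed25519 subject) or "transport" (X25519 subject)
	Subject, Sig []byte
}

func tbs(role string, subject []byte) []byte { // role is signed so certs cannot swap roles
	return append([]byte("example-cert-v1|"+role+"|"), subject...)
}

// VerifyChain checks CA -> identity -> transport -> handshake static key rs.
func VerifyChain(ca ed25519.PublicKey, id, tr Cert, rs []byte) (ed25519.PublicKey, error) {
	if id.Role != "identity" || len(id.Subject) != ed25519.PublicKeySize ||
		!ed25519.Verify(ca, tbs(id.Role, id.Subject), id.Sig) {
		return nil, fmt.Errorf("identity certificate not signed by CA")
	}
	if tr.Role != "transport" || !ed25519.Verify(id.Subject, tbs(tr.Role, tr.Subject), tr.Sig) {
		return nil, fmt.Errorf("transport certificate not signed by identity key")
	}
	if !bytes.Equal(tr.Subject, rs) {
		return nil, fmt.Errorf("handshake static key is not the certified key")
	}
	return id.Subject, nil // the long-term Ed25519 identity the peer proved
}

// Demo verifies a constructed chain against the certified DH key and a wrong key.
func Demo() (good, bad error) {
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader)
	userPub, userPriv, _ := ed25519.GenerateKey(rand.Reader)
	dh, _ := ecdh.X25519().GenerateKey(rand.Reader)
	rs := dh.PublicKey().Bytes() // static key as seen in the Noise handshake
	id := Cert{"identity", userPub, ed25519.Sign(caPriv, tbs("identity", userPub))}
	tr := Cert{"transport", rs, ed25519.Sign(userPriv, tbs("transport", rs))}
	_, good = VerifyChain(caPub, id, tr, rs)
	_, bad = VerifyChain(caPub, id, tr, userPub) // userPub stands in for a foreign key
	return good, bad
}

func main() { fmt.Println(Demo()) }
```

Rotating the transport key only requires the user to sign a new `transport` certificate; the CA-signed `identity` certificate stays the same.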