[noise] Encrypting 0-RTT payloads
Trevor Perrin
trevp at trevp.net
Thu Dec 6 19:14:44 PST 2018
On Fri, Dec 7, 2018 at 2:21 AM Matthew Hodgson <matthew at matrix.org> wrote:
>
> Hi all,
>
> Apologies for the naive question, but: what is the recommended approach for encrypting the payload in a 0-RTT IK handshake?
>
> Given the handshake isn’t yet complete, you can’t get at the CipherStates in order to use them to encrypt/decrypt the payload; so what is the idiomatic way of encrypting your payload for the remote static public key?
Hi Matthew,
I might be misunderstanding the question. But every Noise handshake
message contains a payload at the end. If "k" exists, then this
payload is encrypted with SymmetricKey.EncryptAndHash(payload), using
the underlying CipherState.
Trevor
More information about the Noise
mailing list