Crypto Ratchet

The aim is to encrypt the WebRTC signaling data using public-key authenticated encryption. The initial key material is transferred from one party to the other out-of-band. Based on that, the remaining required key material is securely delivered in-band using public-key signatures.

  • "A" can be read as "self", "B" as "the other party".
  • Key pairs used:
    • Key pairs for public-key signatures (signPubKey, signPrivKey).
    • Key pairs for public-key authenticated encryption (pubKey, privKey).

Ratcheting Flow

All parties use their pubKey as UUID when connected to signalhub.

  1. A sends an out-of-band invitation to B containing: pubKey(A), signPrivKey(AB).
  2. B now recognizes UUID(A) in /all because of the invitation from A.
  3. B sends crypto ratchet data to /A namely signPubKey(AB) and pubKey(B) signed using signPrivKey(AB).
  4. A verifies and accepts pubKey(B) using signPubKey(AB).
  5. A now sends encrypted/signed packages to /B using pubKey(B) and privKey(A).
  6. B receives encrypted/signed packages from A and knows that the crypto ratchet is complete.

Invitation Creation

Create a new signing key pair (signPubKey(AB), signPrivKey(AB)). Use both the preexisting pubKey(A) and the signPrivKey(AB) to create a URI of the form: peermusic://host:port/#pubKey(A):signPrivKey(AB).

Algorithmic Flow

wrap and unwrap are methods that are invoked in a modified version of webrtc-swarm and always take the data and the destination address of the package as arguments.

wrap

  • /all
    • No encryption - plain text.
  • /B
    • Key Exchange and Encryption (see step 3 under Ratcheting Flow)
      Holds an open invitation and thus knows that B still needs pubKey(A).
      Has pubKey(B) and signPrivKey(AB) available from the invitation.
      • Sends pubKey(A) and the signature generated by using signPrivKey(AB).
      • Attaches signPubKey(AB).
      • Encrypts/signs WebRTC signaling data using pubKey(B) and privKey(A).
    • Just Encryption
      Holds no open invitation regarding B.
      • Encrypts/signs using pubKey(B) and privKey(A).

unwrap

  • /all
    • Whitelist
      Recognizes UUID(B).
  • /A
    • Key Exchange and Encryption (see step 4 under Ratcheting Flow)
      Does not recognize UUID(B).
      Recognizes the attached signPubKey(AB) since there is an open invitation.
      • Verifies signature of attached pubKey(B) using signPubKey(AB).
        • Marks the invitation as complete.
        • Decrypts/verifies WebRTC signaling data using privKey(A) and pubKey(B).
    • Just Encryption
      Recognizes UUID(B).
      • If there is an open invite regarding B it will be marked complete.
      • Decrypts/verifies using privKey(A) and pubKey(B).
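
Steps 3 and 4 of the Ratcheting Flow (the "Key Exchange and Encryption" branch of unwrap), as an added example that is not peermusic's own code. It assumes Ed25519 signatures from Node's built-in crypto module; the function names, the Map of open invitations and the whitelist Set are hypothetical, and refusing a key exchange for an already completed invitation is an assumption about how "complete" is enforced. The encryption of the signaling data is left out.

```javascript
// Added example (not peermusic code). Ed25519 via Node's crypto is an assumption;
// the page does not name a signature scheme. Key values below are constructed.
const crypto = require('crypto');

// Serialize a public KeyObject so it can be attached to a message or used as a map key.
const encodePub = (key) => key.export({ type: 'spki', format: 'der' }).toString('base64');

// A: create (signPubKey(AB), signPrivKey(AB)) and remember the open invitation.
function createInvitation(openInvitations) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  openInvitations.set(encodePub(publicKey), { signPubKey: publicKey, complete: false });
  return privateKey; // signPrivKey(AB), handed to B out-of-band inside the invitation URI
}

// B, step 3: sign pubKey(B) with signPrivKey(AB) and attach signPubKey(AB).
function buildKeyExchange(pubKeyB, signPrivKey) {
  const signPubKey = crypto.createPublicKey(signPrivKey); // derived from the private key
  const signature = crypto.sign(null, Buffer.from(pubKeyB), signPrivKey);
  return { pubKey: pubKeyB, signPubKey: encodePub(signPubKey), signature: signature.toString('base64') };
}

// A, step 4: accept pubKey(B) only when it is signed under a still-open invitation.
function acceptKeyExchange(msg, openInvitations, whitelist) {
  const invitation = openInvitations.get(msg.signPubKey);
  if (!invitation || invitation.complete) return false; // unknown or already used
  const sig = Buffer.from(msg.signature, 'base64');
  if (!crypto.verify(null, Buffer.from(msg.pubKey), invitation.signPubKey, sig)) return false;
  invitation.complete = true; // "Marks the invitation as complete"
  whitelist.add(msg.pubKey);  // UUID(B) is recognized from now on
  return true;
}

// Runs the exchange plus three messages that must be rejected.
function demo() {
  const open = new Map(), whitelist = new Set();
  const signPrivKey = createInvitation(open);
  const msg = buildKeyExchange('constructed-pubKey-B', signPrivKey);
  const stranger = crypto.generateKeyPairSync('ed25519').privateKey; // no invitation exists for it
  return {
    tampered: acceptKeyExchange({ ...msg, pubKey: 'constructed-pubKey-M' }, open, whitelist),
    unknownInvite: acceptKeyExchange(buildKeyExchange('constructed-pubKey-M', stranger), open, whitelist),
    first: acceptKeyExchange(msg, open, whitelist),
    replay: acceptKeyExchange(msg, open, whitelist),
    whitelisted: whitelist.has('constructed-pubKey-B') && !whitelist.has('constructed-pubKey-M'),
  };
}

console.log(demo());
```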