Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added in xkeys support, which are encoded x25519 keys. #37

Merged
merged 2 commits into from
Dec 5, 2022
Merged

Added in xkeys support, which are encoded x25519 keys. #37

merged 2 commits into from
Dec 5, 2022

Conversation

derekcollison
Copy link
Member

Also added in support for nacl.Box compatibility for Seal and Open, but we pick a random nonce for the user via a random source and append for the user to avoid any bad practices.

Nacl is not the most modern approach, but has broad adoption which was a factor regarding encrypted external authorization callouts.

We may add in other ways to encrypt data for larger messages and multiple recipients in the future.

Signed-off-by: Derek Collison derek@nats.io

@coveralls
Copy link

coveralls commented Dec 2, 2022
edited
Loading

Pull Request Test Coverage Report for Build 162

  • 86 of 121 (71.07%) changed or added relevant lines in 3 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage decreased (-2.9%) to 78.937%
Changes Missing Coverage Covered Lines Changed/Added Lines %
keypair.go 6 8 75.0%
strkey.go 9 11 81.82%
xkeys.go 71 102 69.61%
Totals Coverage Status
Change from base Build 147: -2.9%
Covered Lines: 386
Relevant Lines: 489
💛 - Coveralls

@coveralls
Copy link

Pull Request Test Coverage Report for Build 152

  • 77 of 108 (71.3%) changed or added relevant lines in 3 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage decreased (-12.03%) to 69.792%
Changes Missing Coverage Covered Lines Changed/Added Lines %
strkey.go 9 11 81.82%
xkeys.go 67 96 69.79%
Totals Coverage Status
Change from base Build 147: -12.03%
Covered Lines: 67
Relevant Lines: 96
💛 - Coveralls

aricart
aricart previously approved these changes Dec 5, 2022
View reviewed changes
Copy link
Member

@aricart aricart left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

strkey.go Show resolved Hide resolved
strkey.go Show resolved Hide resolved
philpennock
philpennock requested changes Dec 5, 2022
View reviewed changes
Copy link
Member

@philpennock philpennock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Beware that there are attacks when supplied with private keys and public keys which don't actually correspond to them, and until now we've been resilient because we've always used the seed to generate both at the same time.

Beware that the seed is not the private key, but the rand source for generating the keypair.

nk/main.go Outdated Show resolved Hide resolved
xkeys.go Outdated Show resolved Hide resolved
xkeys.go Show resolved Hide resolved
xkeys.go Outdated Show resolved Hide resolved
@derekcollison
Copy link
Member Author

Not following this comment..


Beware that the seed is not the private key, but the rand source for generating the keypair.

philpennock
philpennock previously approved these changes Dec 5, 2022
View reviewed changes
Copy link
Member

@philpennock philpennock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My mistake. I thought our "seeds" were seeds for initializing a CSPRNG to read some number of octets from it, not the private key and a replacement source for reading from. Okay, LGTM. (Obligatory: I am not a cryptographer)

@derekcollison
Added in xkeys support, which are encoded x25519 keys.
ffc2025 
Also added in support for nacl.Box compatibility for Seal and Open. We pick a random nonce for the user via a random source.
We may add in other ways to encrypt data for larger messages and multiple recipients in the future.

Signed-off-by: Derek Collison <derek@nats.io>
@derekcollison
Removed ppc64 arch from Travis
4f089af 
Signed-off-by: Derek Collison <derek@nats.io>
@derekcollison
Copy link
Member Author

Squashed, once green will merge.

@derekcollison derekcollison merged commit 5d8a673 into main Dec 5, 2022
@derekcollison derekcollison deleted the xkeys branch December 28, 2023 17:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@philpennock philpennock philpennock approved these changes

@wallyqs wallyqs Awaiting requested review from wallyqs

@ripienaar ripienaar Awaiting requested review from ripienaar

@aricart aricart Awaiting requested review from aricart

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@derekcollison @coveralls @philpennock @aricart