Questions tagged [key-exchange]

For questions relating to protocols for distributing public keys, and / or establishing session keys with another party. Examples of key exchange protocols include Diffie-Hellman and IKE.

A key exchange protocol is a method to construct and distribute a key among several parties, protecting it from malicious parties. A key exchange is often conducted soon after establishing a communication channel in order for the parties to agree on a session key.

Some examples of key exchange protocols are:

299 questions
8
votes
5 answers

Can we trust onetimesecret?

Alice: I need the file Bob: Sure, and I want to encrypt it first. Please put the strong PGP symmetric key with the copy&paste method to https://onetimesecret.com/ and send me the link. Alice. Done, the URL is xxxxxxxx Bob: Very funny, the link is…
Manuel Rodriguez
  • 211
  • 1
  • 2
  • 5
7
votes
0 answers

Can SRP be implemented using libsodium

I am using libsodium for cryptography and I want to use SRP for key exchange. The wikipedia page lists a python example, but I am not sure if and how I could convert this to libsodium function calls. Is it possible or would I need to implement some…
Nathan
  • 361
  • 1
  • 11
4
votes
2 answers

Purpose of key confirmation

Among the requirements for a secure key exchange is the key confirmation. I wonder why is this step required. Even if the other party hasn't computed a correct value for the shared secret, it doesn't matter. It won't be able to decipher the…
elena
  • 181
  • 3
3
votes
1 answer

What's the purpose of anonymous Diffie-Hellman key exchange + verification?

I attended a lecture where a procedure for solving the problem of passive attackers being able to gain knowledge about the identities of communication partners using an authenticated Diffie-Hellman key exchange was presented. The solution looks like…
UTF-8
  • 2,340
  • 1
  • 11
  • 24
2
votes
2 answers

Key distribution and key exchange for simple secure FTP implementation

I'm developing a simple secure file transfer protocol for a University project using openssl. I have a Client (let be C) and a Server (let be S). C will send to S messages like get, put, cd, … and S will send paths or files depending on which…
Edge7
  • 130
  • 11
2
votes
1 answer

Picking exponents for Diffie-Hellman

I'm taking a class on Cryptography and the professor mentioned that given mod N and base g with a certain order, you should pick powers m and n such that they create a certain property with the order of g. I wasn't completely sure of what he said…
J Queen
  • 21
  • 1
2
votes
1 answer

How does "Key Transparency" work?

A few days ago, Google published Key Transparency to solve the problem of verifying the key fingerprints of e.g. your chat partners. Unfortunately, I don't really understand how Key Transparency works. Can someone explain it in simple words or with…
Aliquis
  • 869
  • 1
  • 9
  • 12
0
votes
1 answer

Key Exchange algorithm to be used for REST framework

I was required to create key exchange module for custom Rest framework which supports document level security in REST requests. Framework has its own security module which allows to encrypt parameter entities in rest request when keys available. I…
egaweh
  • 3
  • 1
0
votes
2 answers

does a public key work with all encrypted programs

let us say, I use program "x" for my e-mail security. through them I have a public key and a private key. My friend uses program "y" for their e-mail security and consequentially have a public key and a private key. The question is when I use my…
0
votes
0 answers

Any facts that users’ secret key is stolen on some group?

I am wondering whether some severe accidents due to sharing a secret key exist in real world. A group of users or a company typically share a secret key to decrypt some shared encrypted data possibly stored on cloud storage. However, each user has…
mallea
  • 111
  • 4
0
votes
2 answers

Public key distribution through a file sharing service

Would you trust a reputedly secure file sharing service for public key distribution? In my context, I cannot use certificates. Key servers seem to require PGP/GPG formats yet I'm using Microsoft CngKey format in my app, hence this question.
Frank
  • 3
  • 1