Skip to content

Add support for wrapping asymmetric keys#41

Draft
sosthene-nitrokey wants to merge 6 commits intomainfrom
asymmetric-key
Draft

Add support for wrapping asymmetric keys#41
sosthene-nitrokey wants to merge 6 commits intomainfrom
asymmetric-key

Conversation

@sosthene-nitrokey
Copy link
Contributor

@sosthene-nitrokey sosthene-nitrokey commented Apr 2, 2024

This will be required for PIV encryption at rest of data on the external filesystem like Opcard currently does.

Symmetric keys are not enough for PIV because the admin is not authenticated with a PIN (but rather with a AES/TDES key handshake).

@sosthene-nitrokey sosthene-nitrokey mentioned this pull request Apr 2, 2024
Merged
robin-nitrokey pushed a commit to Nitrokey/trussed-staging that referenced this pull request Oct 17, 2024
@sosthene-nitrokey @robin-nitrokey
Add HPKE extension
e27ad91 
This will be useful for PIV encryption, working together with
trussed-dev/trussed-auth#41

This implements the standard HPKE from
[RFC 9180](https://www.rfc-editor.org/rfc/rfc9180.html). This uses a
custom implmentation instead of the `hpke` crate because this crate
seals the trait to implement custom ciphers, and we want to use
`ChaCha8` and not `ChaCha20`.

The implementation is tested against the RFC test vectors for
`ChaCha20`, and is made generic so that the same code can be used for
`ChaCha8` in the backend.

For ChaCha8Poly1305 AEAD ID, I used a custom `0xFFFE`, which is probably
unused. I need to look if there is somewhere someone already using
ChaCha8Poly1305 for HPKE and if there is a specified ID.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sosthene-nitrokey