💾 Archived View for gmi.noulin.net › markdown › sodiumTest_README.md captured on 2024-07-09 at 04:58:41.

View Raw

More Information

⬅️ Previous capture (2023-07-10)

🚧 View Differences

-=-=-=-=-=-=-

# Libsodium
The programs in this repos depend on [sheepy](https://spartatek.se/r/sheepy/file/README.md.html) and [libsodium](https://libsodium.org).

## sodiumTest

In `sodiumTest.c`, I implemented:
- public key cryptograpy
- public key signature, the message is signed the secret key and anyone can verify the signature with the public key
- one shot encryption with secret key. Usage: encrypt a file on disk
- derive key from password
- password hashing for storing in a server database

## client.c and server.c
`client.c` and `server.c` are client and server using public key cryptograpy to exchange messages. This is a simple prototype which uses slow public key algorithms.

`client.c` and `client2.c` have more detail description of how the system works at the file top.

## client2.c and server2.c

`client2.c` and `server2.c` implement a request-response system which supports anonymous clients. The clients don't have to be known in advance by the server.
The system uses public keys for key exchange and secret keys are derived for symetric key cryptograpy. After the key exchange, the message are send and received using symetric key cryptograpy.
For each session, the server changes public key to avoid reusing the same key pair and prevent replay attacks. For more nonce randomness, the server provides the first nonce for the client in the key exchange when the session opens.
The server identity is verified in the client, the trust is established on first use (TOFU).
The client can have identity keys which are verified by the server when provided during the key exchange. The server should store the client public identity key and link it to a user.

I created `sel.c` to handle the various keys, there are functions that don't take keys as parameters, they use the keys stored in `sel.c` buffers.

## `client3.c` and `server3.c`
The server keeps the same session keys and uses a bloom filter to detect when client are reusing session keys.

## `client4.c` and `server4.c`
`server4.c` has the client public keys and if the client key is valid when it connects, it is authenticated.
The clients can request the server public key, if the server public key is already known, it can send the first encrypted message directly.

## preshared* client and server
The preshared client/server use public encryption like `client.c` and `server.c`.
- there is no key exchange, the keys are preshared
- a timestamp (in udp version) is used to avoid replay attacks
- the nonces are not stored