Module dnstplib::crypto

Methods for handling cryptography, including ECDH shared secret derivation and symmetric key encryption.

Step 1: get_random_asym_pair Generate a public/private key pair on each side

Step 2: Swap the [p256::EncodedPoint]s from step 1 between parties

Step 3: get_shared_asym_secret Combine one private key with the other public key to end up at the same shared secret

Step 4: asym_to_sym_key Take the [p256::NistP256] shared asymmetric secret key and use it as a symmetric key ready for encryption and decryption

Step 5: generate_aes_nonce Get a nonce to use when encrypting

Step 6: encrypt Use the key from step 4 with the nonce from step 5 to encrypt arbitrary data

Step 7: decrypt Use the same key and the same nonce that were used in step 6 to decrypt the ciphertext output by step 6.
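
The seven steps above, end to end, as an added example that is not dnstplib's own code: it is written in Python against the `cryptography` package because the signatures of the functions named above are not shown on this page. Assumptions: AES-256-GCM with a 96-bit random nonce as the symmetric mode, and the helper names `new_pair`, `shared_key` and `demo`, which are hypothetical.

```python
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

CURVE = ec.SECP256R1()  # NIST P-256, the curve named on this page


def new_pair():
    """Step 1: private key plus its public point in SEC1 uncompressed encoding."""
    priv = ec.generate_private_key(CURVE)
    point = priv.public_key().public_bytes(Encoding.X962, PublicFormat.UncompressedPoint)
    return priv, point


def shared_key(priv, peer_point):
    """Steps 3-4: ECDH, then use the 32-byte secret as the symmetric key."""
    # from_encoded_point raises ValueError if the bytes are not a point on P-256
    peer = ec.EllipticCurvePublicKey.from_encoded_point(CURVE, peer_point)
    return priv.exchange(ec.ECDH(), peer)


def encrypt(key, plaintext):
    """Steps 5-6: fresh nonce for every message, then AES-256-GCM (assumed mode)."""
    nonce = os.urandom(12)
    return nonce, AESGCM(key).encrypt(nonce, plaintext, None)


def decrypt(key, nonce, ciphertext):
    """Step 7: same key and nonce; returns None if authentication fails."""
    try:
        return AESGCM(key).decrypt(nonce, ciphertext, None)
    except InvalidTag:
        return None


def demo():
    a_priv, a_point = new_pair()
    b_priv, b_point = new_pair()
    # Step 2: only the encoded points are exchanged, never the private keys
    k_a = shared_key(a_priv, b_point)
    k_b = shared_key(b_priv, a_point)
    nonce, ct = encrypt(k_a, b"constructed sample payload")
    wrong_nonce = bytes([nonce[0] ^ 1]) + nonce[1:]
    return k_a == k_b, decrypt(k_b, nonce, ct), decrypt(k_b, wrong_nonce, ct)


if __name__ == "__main__":
    print(demo())
```

The nonce is not secret and travels with the ciphertext, but it must never repeat under the same key, which is why `encrypt` draws a new one on every call.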

Constants§

Functions§