End-to-end message encryption/authentication using ephemeral Diffie-Hellman keys.
The assumption is that DH public keys are exchanged using a trusted path, e.g., the trusted bus between CAs in the Cloud, and then the derived shared secret, not known by the CAs, can be used to establish a direct, secure channel to send messages.
CAs are very efficient at distributing public keys (using SharedMaps
, see
external:caf_sharing) and
this allow us to treat DH keys as ephemeral, i.e., each Session
has fresh
keys. This avoids the difficulty of protecting in the browser long-term
secrets that are javascript-accessible.
- Source:
Methods
create()
- Source:
Constructor.
authAndDecrypt(msg) → {string}
- Source:
Decrypts a message and validates its authentication code.
The DH public key of the other party needs to be set first.
Parameters:
Name | Type | Description |
---|---|---|
msg |
string | A message to decrypt |
Returns:
A decrypted and validated message.
- Type
- string
encryptAndMAC(msg) → {string}
- Source:
Encrypts a message and generates an authentication code for it.
The DH public key of the other party needs to be set first.
Parameters:
Name | Type | Description |
---|---|---|
msg |
string | A message to encrypt |
Returns:
An encrypted and authenticated message.
- Type
- string
getPublicKey() → {string}
- Source:
Returns a DH public key associated with this session.
Returns:
A DH public key associated with this session.
- Type
- string
setOtherPublicKey()
- Source:
Sets the DH public key of the other party, enabling the other crypto operations (encrypt/decrypt/mac).