Module: caf_cli/cryptoSession

End-to-end message encryption/authentication using ephemeral Diffie-Hellman keys.

The assumption is that DH public keys are exchanged using a trusted path, e.g., the trusted bus between CAs in the Cloud, and then the derived shared secret, not known by the CAs, can be used to establish a direct, secure channel to send messages.

CAs are very efficient at distributing public keys (using SharedMaps, see external:caf_sharing) and this allow us to treat DH keys as ephemeral, i.e., each Session has fresh keys. This avoids the difficulty of protecting in the browser long-term secrets that are javascript-accessible.

Source:

Methods

authAndDecrypt(msg) → {string}

Decrypts a message and validates its authentication code.

The DH public key of the other party needs to be set first.

Parameters:
Name Type Description
msg string

A message to decrypt

Source:
Returns:

A decrypted and validated message.

Type
string

encryptAndMAC(msg) → {string}

Encrypts a message and generates an authentication code for it.

The DH public key of the other party needs to be set first.

Parameters:
Name Type Description
msg string

A message to encrypt

Source:
Returns:

An encrypted and authenticated message.

Type
string

getPublicKey() → {string}

Returns a DH public key associated with this session.

Source:
Returns:

A DH public key associated with this session.

Type
string

setOtherPublicKey()

Sets the DH public key of the other party, enabling the other crypto operations (encrypt/decrypt/mac).

Source:

newInstance()

Constructor.

Source: