Reputation: 480
The C library http://tweetnacl.cr.yp.to/ for strong ECC encryption, written and published by Daniel J. Bernstein, is very neat and small.
Using it from Python is even easier with the tweetnacl Python interface module written and published by Jan Mojžíš: https://mojzis.com/software/python-tweetnacl/index.html
Generating ephemeral public and secret key pairs is very easy:
```python
>>> import tweetnacl as nacl
>>> pk, sk = nacl.crypto_box_keypair()
```
Assuming Alice got Bob's public key and vice versa, then encrypted communication using the `crypto_box()` and `crypto_box_open()` functions is pretty straightforward and easy to implement.
But I wonder: What is the easiest way to get Alice's `pk` from here to Bob and the public key of Bob back to Alice? How can Bob be sure that a received public key is really the key of Alice and vice versa?
Upvotes: 1
Views: 541
Reputation: 666
You can't without a trusted third party and another secure channel. That is the reason SSL has certificate authorities and trust-chain certificates pre-deployed in the browser. Without those, the exchange process is vulnerable to an active man in the middle.
Upvotes: 1
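The second-channel check the answer refers to, as an added example that is not part of the original posts: Bob accepts a received key only if it matches a fingerprint Alice gave him over a separate trusted channel. The function names and the SHA-256 fingerprint format are assumptions, and the keys are random 32-byte stand-ins for `crypto_box_keypair()` output so the block runs without the tweetnacl module.

```python
import hashlib
import hmac
import os

PK_LEN = 32  # crypto_box public keys are 32 bytes (Curve25519)

def fingerprint(pk: bytes) -> str:
    """SHA-256 of the public key, as hex in groups of 4 for reading aloud."""
    if len(pk) != PK_LEN:
        raise ValueError("unexpected public key length")
    digest = hashlib.sha256(pk).hexdigest()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))

def normalize(fp: str) -> bytes:
    """Drop whitespace and case so a hand-typed fingerprint still compares."""
    return "".join(fp.split()).lower().encode("ascii", "replace")

def accept_key(received_pk: bytes, out_of_band_fp: str) -> bool:
    """Bob's check: accept the key only if it matches the fingerprint
    Alice gave him over the second, trusted channel."""
    if len(received_pk) != PK_LEN:
        return False
    return hmac.compare_digest(normalize(fingerprint(received_pk)),
                               normalize(out_of_band_fp))

def demo():
    # Constructed stand-ins for the pk values from crypto_box_keypair().
    alice_pk = os.urandom(PK_LEN)
    mallory_pk = os.urandom(PK_LEN)  # key swapped in by an active MITM
    # Alice reads this to Bob in person or over the phone.
    spoken_fp = fingerprint(alice_pk).upper()
    return {
        "genuine": accept_key(alice_pk, spoken_fp),
        "substituted": accept_key(mallory_pk, spoken_fp),
        "truncated": accept_key(alice_pk[:16], spoken_fp),
    }

if __name__ == "__main__":
    print(demo())
```

The check is only as strong as the channel that carried the fingerprint; if the fingerprint travels over the same network path as the key, a man in the middle can replace both.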