Question
I want to use TLS to encrypt the communication between peers in a P2P network. Each peer has a well-known 256-bit peer identifier (the public key of a 256-bit elliptic curve keypair). Both peers need to be authenticated against the ECC key.
Each peer has only one ECC key, no RSA key. During the key exchange step, I do not want each peer to generate a self-signed certificate with a bogus RSA key because that would render the authentication meaningless. The peers would have to blindly accept the self-signed RSA certificate because they would not be able to link the RSA key to the ECC key.
Since there is no PKI "authority" to sign each peer certificate, I am considering using ECDH in anon mode to perform the key exchange (TLS_ECDH_anon_WITH_AES_256_CBC_SHA). The anon mode of ECDH will not authenticate the peers at the TLS level, so I want to do the authentication at the application level, by sending/answering a challenge signed by the well-known ECC key.
Is this a proper use of ECDH anon, and will a simple challenge/response scheme at the application level guarantee peer authentication?
Also, will this scheme provide forward secrecy?
Explanation / Answer
I have figured out a way to use TLS with only an EC key by using DSA instead of RSA. I had not realized you could do DSA with an EC key. My mistake was trying to use RSA to sign the certificate.
Now I can generate my certificate and self-sign it only with the EC key. The peer will simply check to make sure the certificate was signed by the appropriate node ID (which is the same as the EC public key), and that the public key from the certificate is the same as the node ID.
In practice it simply boils down to using the cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 with a custom trust manager.
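The check the answer describes, written as an added example in Go (not code from the original post), where the counterpart of a custom trust manager is a `tls.Config.VerifyPeerCertificate` callback. It assumes the node ID is held as the peer's parsed P-256 public key; `newKey`, `makeCert` and `verifyPeer` are hypothetical names, and the keys and certificates are constructed samples.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newKey makes a constructed sample peer key (error ignored for brevity).
func newKey() *ecdsa.PrivateKey {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return k
}

// makeCert issues a certificate carrying subject's public key, signed by signer.
func makeCert(subject, signer *ecdsa.PrivateKey) ([]byte, error) {
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "peer"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	return x509.CreateCertificate(rand.Reader, t, t, &subject.PublicKey, signer)
}

// verifyPeer returns a VerifyPeerCertificate callback: the key must be the node ID and self-sign the certificate.
func verifyPeer(nodeID *ecdsa.PublicKey) func([][]byte, [][]*x509.Certificate) error {
	return func(raw [][]byte, _ [][]*x509.Certificate) error {
		if len(raw) != 1 {
			return fmt.Errorf("expected one self-signed certificate, got %d", len(raw))
		}
		cert, err := x509.ParseCertificate(raw[0])
		if err != nil {
			return err
		}
		if !nodeID.Equal(cert.PublicKey) { // assumption: node ID == peer's P-256 public key
			return fmt.Errorf("certificate key is not the expected node ID")
		}
		return cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature)
	}
}

func main() {
	a, b := newKey(), newKey()
	for _, signer := range []*ecdsa.PrivateKey{a, b} { // self-signed, then signed by another key
		der, err := makeCert(a, signer)
		fmt.Println(err, verifyPeer(&a.PublicKey)([][]byte{der}, nil))
	}
}
```

To use it, set the callback as `VerifyPeerCertificate` in `tls.Config` with `InsecureSkipVerify: true`, so that it replaces the default CA chain validation rather than running after it. On the accepting side, `ClientAuth: tls.RequireAnyClientCert` makes the connecting peer present its certificate as well.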