While 2-party public key cryptography is very well laid out in the .NET Framework, going n-party concerns me a lot. For instance, securing a two-party video-conf. communication is quite easy:
1) Each party generates session-specific RSA key pairs and gets its public keys signed by a trusted authority (i.e. a trusted server).
2) Each party exchanges keys using ECDiffieHellmanCng.
Thus the connection is now both authentic and secure (thinking that they use Vista/W7).
Now adding a 3rd participant to this communication will not work because key exchange algorithms are designed to derive a shared secret from 2 public keys only (especially using .NET and BouncyCastle). So the question is, how would you go about implementing an n-party public key cryptography schema which is still authentic (i.e. resistant to man-in-the-middle attacks) and secure (i.e. secure from eavesdropping)?
Edit: Currently the ideas are as below, I'll go ahead and implement the most popular one as a part of the NBusy.Communicator library:
Edit2: I'm going with the "n-Party Diffie Hellman" algorithm, similar to the one described here but with some modifications: http://www.codeproject.com/KB/cs/diffy_helman.aspx
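The ring form of n-party Diffie-Hellman that the second edit refers to, as an added example that is not the asker's code or the linked article's: each party raises the value received from its predecessor to its own private exponent and forwards it, so after n-1 hops all parties hold the same secret. Assumptions: the RFC 3526 group 14 parameters, the names `Party`, `ring_agree` and `check_element`, the use of Python instead of .NET, and that every forwarded value arrives over a channel already authenticated with the signed keys from step 1.

```python
import hashlib
import secrets

# RFC 3526 group 14: 2048-bit safe prime, generator 2 (parameter choice is an assumption).
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
    "15728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2

def check_element(v):
    """Reject 0, 1, p-1 and out-of-range values that would force a predictable key."""
    if not 2 <= v <= P - 2:
        raise ValueError("invalid group element")
    return v

class Party:
    def __init__(self):
        self._x = secrets.randbelow(P - 3) + 2  # private exponent, never transmitted

    def step(self, incoming):
        """Validate the value from the previous party, then raise it to our exponent."""
        return pow(check_element(incoming), self._x, P)

def ring_agree(parties):
    """Return (per-party session keys, every value that crossed the wire)."""
    n = len(parties)
    if n < 2:
        raise ValueError("need at least two parties")
    wire = []
    values = [p.step(G) for p in parties]  # party i computes g^x_i
    for _ in range(n - 1):
        wire.extend(values)  # each party sends its value to the next one in the ring
        values = [parties[i].step(values[i - 1]) for i in range(n)]
    # After n-1 hops every party holds g^(x_1*...*x_n); hash it into a 256-bit key.
    return [hashlib.sha256(v.to_bytes(256, "big")).digest() for v in values], wire
```

Each party sends n-1 values, and a participant joining or leaving means running the ring again so the old key does not carry over.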
The public key consists of the modulus n and the public (or encryption) exponent e. The private key consists of the private (or decryption) exponent d, which must be kept secret. p, q, and λ(n) must also be kept secret because they can be used to calculate d.
The pair of numbers (n, e) forms the RSA public key and is made public. Interestingly, though n is part of the public key, the difficulty of factoring a large number that is the product of two primes ensures that an attacker cannot recover in feasible time the two primes (p and q) used to obtain n. This is the strength of RSA.
In cryptography, N-hash is a cryptographic hash function based on the FEAL round function, and is now considered insecure. It was proposed in 1990 in an article by Miyaguchi, Ohta, and Iwata; weaknesses were published the following year. N-hash has a 128-bit hash size.
Public key cryptography involves a pair of keys known as a public key and a private key (a public key pair), which are associated with an entity that needs to authenticate its identity electronically or to sign or encrypt data. Each public key is published and the corresponding private key is kept secret.
(Just thinking out loud)
You don't need a (complete) mesh of secure relations.
The point of the PK+Certificate is to distribute a symmetric key.
Any new participant only needs to establish identities with 1 existing node and can then get a copy of that symm key.