@jedisct1 I took the properties of crypto_box() and crypto_box_seal() and made the best-of-both-worlds (only sender can decrypt, but authenticated to the sender too):https://github.com/soatok/sodium_crypto_bind …
You really want to use a signature here. Send sign(senderSK, ePK || c) || ePK || c , with c being just crypto_stream_xor(xx, m).
-
-
Then you have to have an Ed25519 keypair in addition to an X25519 keypair, or commit to using birationally equivalent X25519 keys for encryption which raises a LOT of eyebrows in crypto circles.
-
You’re mixing apples and oranges. senderPK is a long-term public key used to verify signatures. It’s not used for DH.
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.