In the passvault, the default type of public key cryptography is
selected via a variable. The core test has been changed where it relies
on RSA specifically to check for the default record type.
This commit adds ECC cases to functions checking for RSA records.
Additionally, the rsaEncryptedKey variable is changed to pubEncryptedKey
to reflect a general use of public key crypto.
There are a few changes made here:
* Comments have been updated to reflect the presence of ECC records.
* Variables named rsa* have been renamed pub* to reflect the general
use of public key cryptography, instead of RSA specifically.
* An if statement for RSA keys now handles both RSA and ECC keys.
This adds code to handle ECC records; the RSA code remains intact.
While old password records are not affected, new records use ECC. Due to
the use of public keys to encrypt a KEK that is then used to encrypt
data, there is no visible change to end users. A user with an RSA key
can interact and share a secret with a user who has an ECC key.
The bulk of this commit simply adds cases for handling EC records.
The package encrypts data using ECDHE with AES-128-CBC-HMAC-SHA1;
this matches the other components. The curve used is P256 to match
the use of AES-128. The Go ECDSA package is used; no signatures are
done, but it presents usable PublicKey and PrivateKey types that are
useful for this system.
Keygen instructions suggestion using the folder named "cert".
Server run instructions use the folder "certs".
This change harmonizes the two to be "cert".
The passvault's id is created with math.rand as a native int.
If the vault is created on a 64-bit system, it breaks compatibility
with 32-bit systems.
- Generate vaults with 32-bit ids.
- Update testcode
The string used for selecting the transaction type should
be copied because it is passed by reference.
Augment HMAC to validate entire decryption request
All the valued fields need to be hashed for incoming
encrypted file. This is to keep the integrity of the
request.
Add static test case for core
Test the output of a pre-computed encrypted blob with associated
vault.
Support hosting static file under /index
Require client auth only when server CA present
Add tests for cryptor.go
Improve comments.
