Establish an encrypted connection to a target.
The shared key used for the encrypted connection is based on two new keypairs generated by both participants. The public keys that need to be exchanged are encrypted with the passed encrypt / decrypt functions.
This ensures forward secrecy (because a new set of keys is generated for each connection) and man-in-the-middle protection (because the public keys are transported encrypted).
TODO: The current workflow has the drawback that the source and targetPublicKey are transmitted unencrypted in Phase 1. This doesn't hurt security, but a listening third party sees who communicates with whom, which hurts privacy.
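
The key agreement described above, as an added example that is not the project's own code. It assumes X25519 for the per-connection keypairs, HKDF-SHA256 for the shared key, and an AES-256-GCM wrapper under a constructed long-term key standing in for the passed encrypt / decrypt functions; all function names are hypothetical.

```javascript
// Added example, not the project's code. Assumed primitives: X25519, HKDF-SHA256, AES-256-GCM.
const crypto = require('node:crypto');

// Stand-in for the "passed encrypt / decrypt functions": AES-256-GCM under a
// long-term key that both parties already trust (hypothetical helper).
function makeWrap(longTermKey) {
  return {
    encrypt(plain) {
      const iv = crypto.randomBytes(12);
      const c = crypto.createCipheriv('aes-256-gcm', longTermKey, iv);
      const body = Buffer.concat([c.update(plain), c.final()]);
      return Buffer.concat([iv, c.getAuthTag(), body]);
    },
    decrypt(msg) {
      const d = crypto.createDecipheriv('aes-256-gcm', longTermKey, msg.subarray(0, 12));
      d.setAuthTag(msg.subarray(12, 28));
      return Buffer.concat([d.update(msg.subarray(28)), d.final()]); // throws if not authentic
    },
  };
}

// One participant: a fresh keypair per connection, public half sent only in wrapped form.
function newParticipant(wrap) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519');
  return {
    hello: wrap.encrypt(publicKey.export({ type: 'spki', format: 'der' })),
    finish(peerHello) {
      const der = wrap.decrypt(peerHello);
      const peerKey = crypto.createPublicKey({ key: der, format: 'der', type: 'spki' });
      const secret = crypto.diffieHellman({ privateKey, publicKey: peerKey });
      // Run the raw DH output through HKDF to get the connection's shared key.
      return Buffer.from(crypto.hkdfSync('sha256', secret, Buffer.alloc(0), 'connection key', 32));
    },
  };
}

// Both sides exchange wrapped public keys and derive the shared key independently.
function handshake(wrapA, wrapB) {
  const a = newParticipant(wrapA), b = newParticipant(wrapB);
  return { keyA: a.finish(b.hello), keyB: b.finish(a.hello) };
}

// True when a public key wrapped without the long-term key is refused by an honest participant.
function substitutionRejected(honestWrap) {
  const outsider = newParticipant(makeWrap(crypto.randomBytes(32)));
  try { newParticipant(honestWrap).finish(outsider.hello); return false; } catch { return true; }
}
```

Because the keypairs are discarded after each connection, a later compromise of the long-term key does not reveal the shared keys of earlier connections.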