While bipartisan public-key cryptography is very well laid out in the .net infrastructure, n-party really bothers me. For example, to provide two-way video conferencing. communication is quite simple:
1) Each side generates RSA key pairs for a particular session and receives its public keys signed by a trusted authority (i.e. a trusted server). 2) Each key exchange group uses ECDiffieHellmanCng, thus, the connection is now authentic and secure (thinking that they are using Vista / W7).
Now adding a third party to this message will not work, because key exchange algorithms are designed to obtain a shared secret key from only 2 public keys (especially using .NET and BouncyCastle). Thus, the question arises, how would you begin to implement the n-party public key cryptographic scheme, which is still genuine (i.e., Resistant to humans in medium attack) and protected (i.e., protected from eavesdropping).
Change . Currently, the ideas are as shown below. I will continue to implement the most popular version of the NBusy.Communicator Library :
- Use a two-way communication scheme in which one of the parties acts as a federation server.
- Initiate two-way communication and allow one party to authenticate third parties and pass the secret / symmetric key.
- Use a multi-party agreement scheme.
Edit2 . I am going to use the "n-Party Diffie Hellman" algorithm, similar to that described here, but with some changes: http://www.codeproject.com/KB/cs/diffy_helman.aspx
source
share