Implement public key / private key exchange mechanism using TLS #289
Comments
Would this be the case? Since the public keys can be shared to any client. After public key exchange, the message can be encrypted using the PyNaCl module.
Initially I had thought of the client and the server possessing their own individual private keys which they'd use for communication, whilst using the public key as an extra layer of security to verify the integrity of the data.
I would like some verification if this TLS example from a repo would be suitable. The mechanism I had in mind was this
Is this going to replace PyNaCl?
Integrity of data is another ball game. The private keys would be kept secret by each communicator. For instance, say However, there is no Certification Authority involved. So in the event of a MIA, the client would not be sure it is sending data to the actual server.
Well, I'm wondering if I'm supposed to replace the current PyNaCl module for the TLS.
Your new example seems to use PyNaCl to create public/private TLS keys. Couldn't the network exchange be done using Flask instead of socket IO?
One of the issues is that this method will break if there is a one-way communication path. For example if the agent is behind a home router with NAT. It won't be possible for the pattoo server to request the private key from the agent.
Oh yes yes, the socket was just for example purposes. The main ingredient is the exchange of the public keys.
https://puppet.com/docs/puppet/5.5/man/key.html With Puppet the agent creates its own key and seems to send it to the Puppet server using the Puppet server's public key. https://puppet.com/docs/pe/2018.1/regenerate_puppet_agent_certificates.html Talks about how the agent keys can be regenerated when necessary. Here is how it's configured: https://puppet.com/docs/puppet/latest/config_important_settings.html Here are videos about the process:
Okay, thanks much Peter. I'll review them.
No description provided.