-
Notifications
You must be signed in to change notification settings - Fork 0
Cryptography
etr's security is provided by QUIC with TLS 1.3, delegating all cryptography to rustls and quinn. There is no custom crypto code.
etr uses an ephemeral self-signed certificate generated fresh for each session by rcgen. The certificate is transmitted to the client over the SSH-encrypted bootstrap channel. The client pins exactly this certificate — no CA or PKI is involved. This is directly analogous to SSH host-key trust: the out-of-band channel (SSH) authenticates the key.
The TLS 1.3 cipher suite is negotiated by rustls based on platform capability. The set includes:
| Suite | Key exchange | AEAD |
|---|---|---|
TLS_AES_256_GCM_SHA384 |
X25519 ECDH | AES-256-GCM |
TLS_AES_128_GCM_SHA256 |
X25519 ECDH | AES-128-GCM |
TLS_CHACHA20_POLY1305_SHA256 |
X25519 ECDH | ChaCha20-Poly1305 |
Each session generates a random 32-character passkey sent to the server via the SSH-encrypted bootstrap channel. The client includes this passkey in its SessionOpen message on the QUIC control stream. The server verifies it before accepting the session. This prevents a network attacker who can reach the QUIC port from hijacking a session even if they somehow bypass TLS (defense in depth).
TLS 1.3 always uses ephemeral key exchange (X25519), providing forward secrecy: session keys are not derivable from any long-term secret. A new TLS handshake occurs on every reconnect, generating a fresh session key each time.
The current TLS 1.3 configuration uses classical X25519 ECDH. Post-quantum key exchange (X25519MLKEM768 hybrid, via rustls-post-quantum) can be added in a future release once it stabilises in the TLS standardisation pipeline.
| Role | Crate |
|---|---|
| QUIC transport | quinn |
| TLS 1.3 | rustls |
| Certificate generation | rcgen |