green-coder edited this page Feb 20, 2012 · 4 revisions


When a Forest node is connecting another one, the communication starts with an handshake to authenticate both parties and initiate a secure connection.

Let's call C (like 'client') the node which is initiating the connection, and S (like 'server') the node who is contacted by C.

The handshake at the beginning of the connection is designed:

  • to make S know who is C,
  • to make C make sure that he is talking to S,

... without letting people who is listening the communication line know:

  • what is S's public key,
  • what is C's public key,
  • whether or not a specific C with a well known public key is in the contact list of a specific S with a well known public key.

This is under the assumption that none of C or S's private key is known to the third party who is listening the communication line. However, an analysis of the packet pattern might let a third party know that a specific computer is using Forest on a specific port. This can be countered by using a scheme like Waste's Saturate feature immediately after the handshake.

Handshake's steps:

  1. C opens a connection to S.
  2. C sends a random cipher's symmetric key K1 to S, encrypted using S's public key. Then C uses K1 in a symmetric cipher to encrypt all the following data:
  • timestamp,
  • 2 first bytes of C's public key.
  • C's signature, where the hash is computed from:
    • K1,
    • timestamp,
    • S's public key.
  1. S receives it and decodes it using his private key. If the timestamp is too far from now or If the signature cannot be verified then close the connection. Otherwise the message is considered valid, then S sends back the following concatenated message to C, encrypted using C's public key :
  • a random cipher's symmetric key K2.
  • a hash of C's signature from the previously received message.
  1. C takes K2 and verifies that the hash is from the signature that he previously sent. If it doesn't match he closes the connection.
  2. Both C and S compute K by combining K1 and K2 together. They now have a shared secret that they will use to encrypt and decrypt any further message via a symmetric encryption algorithm.