Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implementation of API for crypto modules #584

Closed
totaam opened this issue May 29, 2014 · 7 comments
Closed

Implementation of API for crypto modules #584

totaam opened this issue May 29, 2014 · 7 comments

Comments

@totaam
Copy link
Collaborator

totaam commented May 29, 2014

Issue migrated from trac ticket # 584

component: core | priority: minor | resolution: wontfix

2014-05-29 16:52:23: gschwind created the issue


The state encrypted connection is not rely know but discussion was started on #198, but at the moment Xpra seems to define a proper API to include modules that can encrypt connections.

This ticket intend to be fixed before implementing new crypto modules

@totaam
Copy link
Collaborator Author

totaam commented May 29, 2014

2014-05-29 17:10:12: gschwind commented


At the moment in #198, mvrable proposed a patch that separate encryption module from the core protocol which seems to be a good way to implement encryption.

At the moment I imagine the following protocol for establishing encrypted connection:

  • the client start a connection to the server
  • the client send hello message with a list of desired encryption module from preferred one to lest preferred.
  • the server select the most favorite encryption module that the client wish from the list of encryption module it support.
  • the server return a message to inform the client to start encryption negotiation with the selected encryption module
  • the client and the server communicate in some way (the encryption is called to do so). At this step an authentication may be required.
  • when the client and the server are agree, all next messages are encoded/decoded using the encryption modules. The encryption module can encapsulate messages in the way the want.

Maybe, we have to include some message that allow the encryption module to discuss to change some encryption parameters, for example temporary encryption keys.

Taking in account this step we may implement an API.

Best regards

@totaam
Copy link
Collaborator Author

totaam commented Jul 27, 2014

2014-07-27 12:11:45: totaam commented


Notes:

@totaam
Copy link
Collaborator Author

totaam commented Nov 13, 2015

2015-11-13 13:45:33: antoine commented


See also #876 and #1029

@totaam
Copy link
Collaborator Author

totaam commented Sep 27, 2016

2016-09-27 10:30:49: antoine changed status from new to closed

@totaam
Copy link
Collaborator Author

totaam commented Sep 27, 2016

2016-09-27 10:30:49: antoine set resolution to wontfix

@totaam
Copy link
Collaborator Author

totaam commented Sep 27, 2016

2016-09-27 10:30:49: antoine commented


Superseded by #1252.
The next release will scale back on the crypto modules too and drop support for pycrypto. (which looks totally unmaintained)

@totaam totaam closed this as completed Sep 27, 2016
@totaam
Copy link
Collaborator Author

totaam commented Feb 20, 2017

2017-02-20 12:24:27: antoine commented


2.0 removed support for pycrypto and only supports python-cryptography, see r14512

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant