• Vlad =?UTF-8?B?Q2hpY2/ImQ==?= (19/19) Dec 22 2022 Hi! Since my last update I worked on the cryptography module.

Vlad =?UTF-8?B?Q2hpY2/ImQ==?= <vladut.chicos gmail.com> writes:

Hi! Since my last update I worked on the cryptography module. 
Using the openssl EVP interface, via the deimos bindings, I 
created some methods for the generation of public/private key 
pairs and the shared key. I also implemented the signature 
validation, according to the TLS 1.3 spec, needed if the other 
peer provides a certificate.

https://github.com/dlang-community/quic-d/pull/1

Working on this offered me the opportunity to learn about 
concepts like hybrid encryption and forward secrecy (even with 
unauthorized access to the private key of the peer's certificate, 
past messages cannot be decrypted thanks to the use of ephemeral 
public/private key pairs during the handshake phase).

Suggestions are welcome! Thanks!

References:
- https://www.rfc-editor.org/rfc/rfc8446.html
- https://www.rfc-editor.org/rfc/rfc9001.html
- https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_new.html
- 
https://www.openssl.org/docs/man3.0/man3/EVP_DigestVerifyUpdate.html