I was doing a key exchange between a Rust client and a Golang server, where: Priv_rust + Pub_golang ----ecdhe----> Secret_rust. But, surprisingly, Secret_rust != Secret_golang. There must be something wrong. Maybe I read a wrong public key on either side. For debugging, I'd like to dump the private keys on both sides and import them into each other. But when I tried that, I found I could not dump the private key on the Rust side because of security considerations. So I think not all developers write their code for production; some write it just for debugging, some just for presentation. Since the crate ring is the best implementation in its field, it would be better to let people do whatever they want, with a danger hint telling them it is dangerous to use in a production environment.
No response, close it
The ECDHE implementation in agreement.rs is perfect. I know it is a designed feature that the private key should only be used once, for security in a production environment.
But when I do some work that is not for production, e.g. just debugging and showing the private key and the ECDHE result, or doing some work where I know exactly what I am doing, I think it is reasonable to add a function `agree_ephemeral_reuse` with a danger hint. It is the responsibility of the developer to choose how to use it.

Reference: with `ClientConfig` in rustls, we can make a dangerous config with the `dangerous()` function.
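An added example, not part of the discussion above and not code from ring or rustls: one way to locate a `Secret_rust != Secret_golang` mismatch without exporting any private key is to have each peer log fingerprints of the public key bytes it sent and received plus the derived secret, then compare the two logs. Assumptions: the curve is X25519 (the thread does not name one), both peers are simulated in Go with the standard `crypto/ecdh` package, the names `Trace`, `agree`, `Diagnose` and `Run` are hypothetical, and the in-transit byte flip is a constructed fault.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Trace is what one peer may log: fingerprints only, never the private key.
type Trace struct{ SentPub, RecvPub, Secret string }
func fp(b []byte) string { return fmt.Sprintf("%x", sha256.Sum256(b))[:16] }

// agree runs one side: parse the peer's public key as received, derive the secret.
func agree(priv *ecdh.PrivateKey, peerWire []byte) (Trace, error) {
	peer, err := ecdh.X25519().NewPublicKey(peerWire)
	if err != nil {
		return Trace{}, fmt.Errorf("peer public key rejected: %w", err)
	}
	secret, err := priv.ECDH(peer)
	return Trace{fp(priv.PublicKey().Bytes()), fp(peerWire), fp(secret)}, err
}

// Diagnose compares both peers' traces and names the first disagreement.
func Diagnose(client, server Trace) string {
	switch {
	case client.SentPub != server.RecvPub:
		return "client public key changed in transit"
	case server.SentPub != client.RecvPub:
		return "server public key changed in transit"
	case client.Secret != server.Secret:
		return "public keys match but secrets differ"
	}
	return "ok"
}

// Run simulates both peers; mangle edits the client's key bytes in transit (constructed fault).
func Run(mangle func([]byte) []byte) (string, error) {
	c, errC := ecdh.X25519().GenerateKey(rand.Reader)
	s, errS := ecdh.X25519().GenerateKey(rand.Reader)
	if err := errors.Join(errC, errS); err != nil {
		return "", err
	}
	ct, errC := agree(c, s.PublicKey().Bytes())
	st, errS := agree(s, mangle(c.PublicKey().Bytes()))
	return Diagnose(ct, st), errors.Join(errC, errS)
}
func main() { fmt.Println(Run(func(b []byte) []byte { b[0] ^= 1; return b })) }
```

X25519 accepts any 32-byte string as a peer public key, so a key that was altered or mis-encoded on the wire produces a different secret rather than an error, which is why the public key fingerprints are compared first.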