diff --git a/README.md b/README.md index b325288..4ed965c 100644 --- a/README.md +++ b/README.md 
@@ -1,16 +1,33 @@ -This is an implementation of the 'HerraduraKEx' key exchange algorithm in golang. -See github.com/Caume/HerraduraKEx +This is a drop-in replacement for the golang/pkg/net facilities +(net.Dial(), net.Listen(), net.Accept() and net.Conn type) using the +experimental HerraduraKEx 'secure' key exchange algorithm, first released at +github.com/Caume/HerraduraKEx -package herradurakex is a simple golang library to manage key exchanges using the algorithm -and (TODO) wraps/extends golang.org/pkg/net/, Listener interface, Dial/Accept methods by -providing a HKexConn built on top of the vanilla Conn. +One can simply replace calls to net.Dial() with hkex.Dial(), and likewise +net.Listen() with hkex.Listen(), to obtain connections (hkex.Conn) conforming +to the basic net.Conn interface. Upon Dial(), the HerraduraKEx key exchange +is initiated (whereby client and server independently derive the same +keying material) and session algorithms to be used are exchanged allowing an +encrypted channel between client and server. -Theory: -1. Build a standard pkg/net/ Conn c -2. Build a HKexConn passing in Conn hc (HKexConn implements io.Reader,io.Writer)s -3. Dial/Listen on hc (it will do the KEx and store session key, negotiate crypto alg.) -4. Call any pkg/net ops as usual using HKexConn +NOTE: the terms 'secure' and 'securely' where used above are purposely +enclosed in singled quotes due to the experimental nature of the HerraduraKEx +algorithm used to derive crypto keying material on each end. +As of this time no verdict by acknowledged 'crypto experts' as to the true +security of the HerraduraKEx algorithm for purposes of session key exchange +over an insecure channel has been rendered. +It is hoped that such experts in the field will analyze the algorithm and +determine if it is indeed a suitable one for use in situations where +Diffie-Hellman key exchange is currently utilized. 
+To run +-- +$ go get /herradurakex.git +$ cd $GOPATH/src//herradurakex +$ go install . +$ cd demo/ +$ go build client.go && go build server.go -? -rlm 2018-01-06 - +[ in separate shell windows ] +[A]$ ./server +[B]$ ./client diff --git a/demo/serverp.go b/demo/serverp.go index 5f13c51..58781f0 100644 --- a/demo/serverp.go +++ b/demo/serverp.go @@ -39,7 +39,7 @@ func main() { go func(ch chan []byte, eCh chan error) { for { // try to read the data - data := make([]byte, 64) + data := make([]byte, 512) chN, err = c.Read(data) if err != nil { // send an error if it's encountered
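Review bot: In the README.md hunk, the NOTE about the experimental status of HerraduraKEx comes only after the paragraph that tells readers to replace net.Dial() with hkex.Dial() and net.Listen() with hkex.Listen(). Move it above that paragraph so the caveat is read before the drop-in instruction. The NOTE also says the terms 'secure' and 'securely' are "used above", but 'securely' does not occur in the added text, and "singled quotes" should be "single quotes". The description says both ends derive the same keying material but does not say whether either end authenticates the other; a sentence stating this would help readers judge what hkex.Conn provides. In the "To run" steps, the build line is `go build client.go && go build server.go`, while this same patch edits demo/serverp.go; state which server program the steps refer to.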
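Review bot: In the demo/serverp.go hunk, `data := make([]byte, 512)` replaces 64 with another unexplained literal. Give the size a named constant with a comment saying what it must hold (for example, the largest message the demo client sends), since the commit does not say why 64 was too small. A single `c.Read(data)` can still return fewer bytes than were sent or fill the buffer partway through a message, so whatever is passed on `ch` should be `data[:chN]` rather than the full slice. Also, `chN, err = c.Read(data)` assigns with `=` inside the goroutine, so both variables are declared outside it; declare them locally with `:=` unless sharing them with main() is intended.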