24 lines
1.3 KiB
Text
24 lines
1.3 KiB
Text
|
Rosenpass implements a post-quantum-secure key exchange in the spirit of
|
||
|
|
a Noise protocol. The motivating use case is integrating with the
|
||
|
|
WireGuard VPN: In this mode, the key generated by Rosenpass is supplied
|
||
|
|
to WireGuard as its pre-shared symmetric key (PSK). This results in a
|
||
|
|
WireGuard VPN connection with hybrid post-quantum security.
|
||
|
|
|
||
|
|
While Rosenpass is designed with WireGuard in mind, it can be used as a
|
||
|
|
stand-alone tool to exchange keys. Using this mode, it can be used to
|
||
|
|
secure other protocols against attacks from quantum computers, given
|
||
|
|
that they offer using a PSK, and that a secure PSK is sufficient for
|
||
|
|
security of the protocol. To use this mode, the rosenpass binary must be
|
||
|
|
used together with the outfile <FILE> parameter. Then, Rosenpass will
|
||
|
|
write a key to the given file every two minutes, and print a message on
|
||
|
|
standard out to notify the user or the calling script that the key has
|
||
|
|
changed.
|
||
|
|
|
||
|
|
The implementation is written in Rust but uses libsodium and liboqs --
|
||
|
|
both of which are C libraries. This does not result in pretty code
|
||
|
|
everywhere, but enables some advanced security features such as using
|
||
|
|
libsodium's sodium_malloc. We use a couple of techniques to make sure
|
||
|
|
the code is secure: We use variable colouring (gating use of a secret
|
||
|
|
value through a .secret() method), and the code zeroizes all key
|
||
|
|
material.
|