Trubanc Encryption

Submitted by Bill St. Clair on Wed, 20 Aug 2008 23:46:51 GMT  <== Truledger ==> 

I haven't thought much about encryption for the Trubanc client/server link. I figured I'd just set up SSL on the server, and go with that. Today, I realized that I don't need SSL. Trubanc already has a public key infrastructure all set up. It can do it's own encryption, using the OpenSSL library just as the SSL protocol does. Here's an outline of the encryption protocol, using the same language I use in my server design, from the perspective of the client:

  sent: (<id>,getsessionkey,<bankid>,<reqid>)
  rcvd: (<bankid>,sessionkey,<id>,<pubkey encrypted: [<sessionid>,<sessionkey>]>)

  sent: [<sessionid>,<sessionkey encrypted: message>]
  rcvd: [<sessionid>,<sessionkey encrypted: response>]
        [<sessionid>,unknown] if the <sessionid> isn't registered

  sent: [<sessionid>,
         <sessionkey encrypted: (<id>,closesession,<bankid>,<sessionid>)>]
  rcvd: [<sessionid>,
         <sessionkey encrypted:

This should be relatively easy to implement, and won't likely slow things down by much. Yay!

Add comment Edit post Add post