[_] Switch to noble hybrid #34
xabg2 left a comment
The comments related to the sender key are just for curiosity 😄
| ): Promise<HybridEncryptedEmail> { | ||
| try { | ||
| const { encryptionKey, params, enc } = await encryptEmailBody(email, isSubjectEncrypted); | ||
| const encryptedKey = await encryptKeysHybrid(encryptionKey, recipient.publicKeys, senderPrivateKey); |
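Review bot: the `encryptKeysHybrid(encryptionKey, recipient.publicKeys, senderPrivateKey)` call on the last line of this hunk still passes `senderPrivateKey`. A KEM-only wrap that takes just the recipient's public key does not bind the wrapped key to the sender. If the argument is dropped, say so in the function's doc comment and state where sender authenticity is checked instead (for example, a signature over the message), so callers do not assume the hybrid ciphertext authenticates the sender. A unit test that decrypts without any sender key material would pin that behaviour down.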
Because X-Wing doesn't need it. Before, I was doing ECC secret derivation, Kyber KEM encapsulation that gave another secret, then deriving one key from both secrets. X-Wing does it differently; they take the public key of the intended recipient as input and handle everything else. The hybrid key is this:

| export async function encryptEmailHybridForMultipleRecipients( | ||
| email: Email, | ||
| recipients: UserWithPublicKeys[], | ||
| senderPrivateKey: PrivateKeys, |
| */ | ||
| export async function decryptEmailHybrid( | ||
| encryptedEmail: HybridEncryptedEmail, | ||
| senderPublicKeys: PublicKeys, |
Same (also remember to remove the params from the JSDoc) :)
There was a problem hiding this comment.
true, will check
| * @param userEmail - The ID of the user | ||
| * @param tag - The keystore type-specific tag string |
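Review bot: the `@param userEmail` line describes the value as "The ID of the user", which does not match the parameter name. If this value feeds key derivation or keystore lookup, state exactly which identifier is expected (the email address or an internal ID), since passing the wrong one would silently select or derive a different key. Rename the parameter or correct the description so the two agree.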
Are these params being used in the function?
There was a problem hiding this comment.
was before, fixed
Description
Currently, crypto has a custom implementation of the hybrid encryption algorithm. Recently, noble-post-quantum released a hybrid API, which provides an improved version called X-Wing. Switching to a noble implementation would help delegate method maintenance and align the implementation with the X-Wing article for future audits.
This PR switches to X-Wing hybrid encryption for email encryption.
Related Issues
MT-MN-02 from https://inxt.atlassian.net/wiki/spaces/T/pages/1007583233/PQ+Meet+Code+Security+Assessment#MT-MN-02
Checklist
Testing Process
unit tests
Additional Notes
no need for private/public key types then