Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • 13:29
    ilammy synchronize #562
  • 12:50
    ilammy synchronize #561
  • 12:50
    ilammy synchronize #562
  • 12:50
    ilammy synchronize #564
  • 09:20
    ilammy edited #565
  • 09:19
    ilammy review_requested #562
  • 09:19
    ilammy review_requested #562
  • 09:19
    ilammy ready_for_review #562
  • 09:19
    ilammy edited #562
  • 09:19
    ilammy synchronize #562
  • 09:17
    ilammy review_requested #561
  • 09:17
    ilammy review_requested #561
  • 09:17
    ilammy ready_for_review #561
  • 09:17
    ilammy edited #561
  • 09:16
    ilammy synchronize #561
  • 09:14
    ilammy edited #564
  • 09:14
    ilammy review_requested #564
  • 09:14
    ilammy review_requested #564
  • 09:14
    ilammy ready_for_review #564
  • 09:14
    ilammy synchronize #564
vixentael
@vixentael
@/all hello, themis :)
Ignat Korchagin
@ignat1
Let's make the world safer
Cossack Labs
@cossacklabs
Oh hi
vixentael
@vixentael
:dancer: :dancer:
Andrey Mnatsakanov
@mnaza
Hi
Ignat Korchagin
@ignat1
Please, give some advice on a nice name for SMP feature (http://en.wikipedia.org/wiki/Socialist_millionaire) for themis
vixentael
@vixentael
we're live! trust me :D
Jerry
@solvingj
wow, no chat in 17 months :(
and 12 before that :(
well, let me say that themis looks awesome anyway
i'm trying to figure out how Secure Cell works at a high level, and how it deals with the fundamental problem of decrypting a secure strong from disk programmatically (without user interaction).
We have a system service our customers install, and we want it to provision and store credentials on disk that it must use to communicate with a cloud service.
We think there's no fundamentally secure way to do this, but we're asking around anyway.
vixentael
@vixentael
This message was deleted
vixentael
@vixentael

Hi @solvingj! Apologies for not checking chat on time.

Secure Cell is used for symmetric encrypting/decrypting of stored data, so I think it should be fine to use it in your case. User interaction might be needed to get user’s approval before decrypting (for example, you are storing sensitive data and do a double check asking the user for a password before showing the data).

However, encryption key is separated from user password, you should handle this key very carefully. We do not recommend storing encryption key near encrypted data. You might want to generate an encryption key based on pieces, stored in different places, including some user’s details, or use vendor-provided key storage (like Keychain on OSX).

We can discuss your case in more details, please, drop me email to dev@cossacklabs.com

Gene Myers
@genemyers
Hello, I have a question about the SecureComparator and Shared Secrets. is it possible to generate an ECDH shared secret with Themis?
Gene Myers
@genemyers
@vixentael hello again, although it doesn't appear that you check Gitter very often.
vixentael
@vixentael
@genemyers
Sorry, just got notification from gitter (an hour delay, uh oh).
Let's continue in emails :)
Rix Tox
@rixtox
Hi. I'd like to know if x25519 and Ed25519 are on the road map? Also is the default curve used for the current ECDSA keypair generation NID_X9_62_prime256v1?
vixentael
@vixentael

Hi @rixtox!

  1. NID_X9_62_prime256v1 (aka NIST P-256) is default curve used in SecureMessage. Themis also can be re-compiled manually with p384 and p521 (need to change default curve in code and re-compile).
    cossacklabs/themis#322

  2. Themis uses Ed25519 only in SecureComparator
    https://github.com/cossacklabs/themis/blob/master/src/themis/secure_comparator.c#L24

Currently we don't plan to expand curves support, because this should be done very carefully. Our goal not to make yet-another-openssl, but to provide easy-to-use and hard-to-misuse library that is fully compatible across 11 languages (three server-side platforms, two mobile-side platforms, containers, various process architectures yadda yadda), so adding new curve is smth to be carefully handled for each use-case.

However, if you are building a commercial project and timeline is crucial for you, you should consider the pro's of commercial support for Themis. During commercial agreement we can ship a special version of Themis for you.
https://github.com/cossacklabs/themis#commercial-support

vixentael
@vixentael

UPD:
we actually have worked on Themis version that uses libsodium (Curve25519 / ed25519) as crypto-backend. These changes live in a separate branch, not integrated into master
https://github.com/cossacklabs/themis/tree/libsodium

Here is a blog post describing changes
https://www.cossacklabs.com/replacing-openssl-with-libsodium.html

Rix Tox
@rixtox
Do you plan to support Windows? I managed to compile it using mingw. It requires patching some code. It has to use Winsock2.h instead of arpa/inet.h. Makefile and pkg-config need to link with -lws2_32. CGO need to use pkg-config instead of LDFLAGS in this case.
and htonll and ntohll are not available on my mingw's headers, so had to implement them as well.
vixentael
@vixentael

@rixtox that's awesome! would you mind to open a PR?

in previous years we've tested Themis on Windows couple of times, but we didn't have a capacity to support it as stable/testable open source code. If you open a PR, we'll do our best to integrate it into our existing codebase and integration test suite, and to mention you as contributor for eternal glory

Rix Tox
@rixtox
sure. currently I hard coded some settings in Makefile, I can tidy it up to make a PR
vixentael
@vixentael
@rixtox would be great, otherwise no worries, we'll merge it to the separate branch first, tidy up and test, then merge to master
vixentael
@vixentael
@rixtox we pushed forward windows support, and now Themis can be compiled as .dll
https://github.com/cossacklabs/themis/pulls?utf8=%E2%9C%93&q=label%3Awindows+
currently we're working on integration tests and CICD, so official release will happen when we'll be ready with tests and docs.
however, master branch should be working on windows now