BaseNode

An XLattice BaseNode is a set of information common to a number of XLattice abstractions, including Node and Peer.

A BaseNode has

  1. a name, a convenience for testing; it need not be unique (although it is better if it is)
  2. a nodeID, a 20- or 32-byte value, which should be globally unique
  3. an RSA key for use in encrypting small messages, its commsKey
  4. a second RSA key used for signing documents, its sigKey
  5. a number of Overlays through which it communicates

NodeID

A NodeID is a 160- or 256-bit value, typically generated by SHA-1 or SHA-256, where SHA is the Secure Hash Algorithm. It is not unreasonable to hash one or both of the node’s public RSA keys to generate its nodeID.

CommsKey (ck)

The RSA algorithm limits a message to something less than the key size, so a few hundred bytes. RSA is also compute-intensive and so quite slow. Given these considerations, RSA is normally used only to set up a session, and a much faster block cipher such as AES is then used to encrypt the rest of the session traffic. If the session is long-lived, the session key might be renegotiated every hour or so.

In this approach, one XLattice node (acting as the server) will publish its RSA public key. Another XLattice node (acting as a client) will use this public key to encrypt a message which can only be decrypted by the server, using its RSA private key. In a short exchange, the two will agree on a block cipher session key. All further messages are encrypted using that session key.

SigKey (sk)

It is widely believed that it is less safe to use the same keys for both encryption and digital signatures. So the XLattice node has two RSA keys, the commsKey described above and then a second key, the sigKey, used for generating digital signatures.

Standard practice is to make an XLattice node’s nodeID and the public parts of the commsKey and sigKey available to all prospective Peers, so that the comms public key can be used to encrypt the secret message(s) used to initiate sessions and the sig public key can be used to verify digital signatures supposedly created using the server’s sig private key.
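
The following Go sketch is an added example, not code from the XLattice project. It shows a client checking that a node's published commsKey and sigKey hash to its advertised nodeID before wrapping a fresh AES session key under the commsKey. Assumptions not taken from this page: the nodeID is SHA-256 over the PKCS#1 DER encodings of both public keys, the padding is RSA-OAEP with the nodeID as label, the client alone picks the session key, and all function names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// NodeID is SHA-256 over the PKCS#1 DER of both public keys (encoding is an assumption).
func NodeID(ck, sk *rsa.PublicKey) []byte {
	d := sha256.Sum256(append(x509.MarshalPKCS1PublicKey(ck), x509.MarshalPKCS1PublicKey(sk)...))
	return d[:]
}

// WrapSessionKey (client) refuses keys that do not hash to the advertised nodeID,
// then wraps a fresh AES-256 key under the commsKey (RSA-OAEP, nodeID as label).
func WrapSessionKey(nodeID []byte, ck, sk *rsa.PublicKey) (key, wrapped []byte, err error) {
	if !bytes.Equal(nodeID, NodeID(ck, sk)) {
		return nil, nil, fmt.Errorf("published keys do not hash to nodeID %x", nodeID)
	}
	key = make([]byte, 32)
	if _, err = rand.Read(key); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, ck, key, nodeID)
	return key, wrapped, err
}

// UnwrapSessionKey (server) recovers the session key with the comms private key and label.
func UnwrapSessionKey(priv *rsa.PrivateKey, wrapped, nodeID []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nodeID)
}

// SampleNode builds constructed demo keys and the matching nodeID.
func SampleNode() (comms, sig *rsa.PrivateKey, id []byte) {
	comms, _ = rsa.GenerateKey(rand.Reader, 2048)
	sig, _ = rsa.GenerateKey(rand.Reader, 2048)
	return comms, sig, NodeID(&comms.PublicKey, &sig.PublicKey)
}

func main() {
	comms, sig, id := SampleNode()
	key, wrapped, _ := WrapSessionKey(id, &comms.PublicKey, &sig.PublicKey)
	got, err := UnwrapSessionKey(comms, wrapped, id)
	fmt.Println(len(id), len(wrapped), err == nil && bytes.Equal(key, got))
}
```

The recovered 32-byte key is what both sides would then hand to the block cipher for the rest of the session. The sig private key cannot unwrap it, which keeps the two keys' roles separate.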

