A demo of PFS implementing ECDHE-RSA-AES128-GCM-SHA256 between two entities based on websocket communication.
This demo is based on :
- masq-sync : to create a websocket peer
- masq-crypto : all the crypto operations are wrapped in masq-crypto which relies on webCryptoAPI
- masq-common : add some helpers for error handling
The demo simulates two devices which want to be paired and synchronised. The demo shows how to securely shared a session key (symmetric key) through ECDHE.
The different steps are to :
- Generate a long term RSA key pair in each device
- Sharing a link with a temporary symmetric key RSAExchangeEncKey and a channel ID, both are hard coded for the demo purpose
- Connect to a webSocket channel, exchange the encrypted RSA public key with RSAExchangeEncKey
- Now, the received public key will be used to autenticate (signature/verifiation) of the ephemeral EC public keys
- The next step is to start ECDHE by generating a EC key-pair, both devices can communicate by sending messages to a derived channel name (derivation of the received RSA public key)
- Signing and sending the EC public keys
- Verifying and, if verification is ok, deriving a common secret key
- Now the next message will be encrypted with the common secret key, this could be a session key (symmetric key)
By doing this way, after sending a session key, the EC key pair could be deleted, so even if an attacker is listening the network, he will not be able to get the common secret key (because the EC private is ephemeral and use once only to derive the common secret key).
The next legitimate question is : how long will be used the session key ? The answer is : it depends on the desired security level
Signal protocol use a Double Ratchet Algorithm to derive the session key for each message. Another option is to have a expiration date for that session key of 1 day, 1 week.
Masq-sync allows to create peers and subsrcibed to a channel, a socketcluster server must be running.
git clone https://github.com/leventDem/PFS-demo-web-socket.git
cd PFS-demo-web-socket
npm install
The demo works with a mocked version of MasqStore to manage the devices info. Data is stored only in volatile memory.
npm run start
Open demo in two browsers. Each browsers corresponds to a different device.
The exchange of the initial RSA public key is not secure and does not prevent from Man-in-the-middle attack. The recommanded way is to share through another channel (link by e-mail or QrCode in mobile application) a temporary symmetric key and websocket channel id. Then, this temporary channel must be used to encrypt and share both devices RSA long term public key.
From now on, they can communicate to each other channel, the channel name could be derived from the received public key for instance (hash).