Xpra: Ticket #584: Implementation of API for crypto modules
The state encrypted connection is not rely know but discussion was started on #198, but at the moment Xpra seems to define a proper API to include modules that can encrypt connections.
This ticket intend to be fixed before implementing new crypto modules
Thu, 29 May 2014 16:10:11 GMT - Benoit Gschwind:
At the moment in #198, mvrable proposed a patch that separate encryption module from the core protocol which seems to be a good way to implement encryption.
At the moment I imagine the following protocol for establishing encrypted connection:
- the client start a connection to the server
- the client send hello message with a list of desired encryption module from preferred one to lest preferred.
- the server select the most favorite encryption module that the client wish from the list of encryption module it support.
- the server return a message to inform the client to start encryption negotiation with the selected encryption module
- the client and the server communicate in some way (the encryption is called to do so). At this step an authentication may be required.
- when the client and the server are agree, all next messages are encoded/decoded using the encryption modules. The encryption module can encapsulate messages in the way the want.
Maybe, we have to include some message that allow the encryption module to discuss to change some encryption parameters, for example temporary encryption keys.
Taking in account this step we may implement an API.
Best regards
Sun, 27 Jul 2014 11:11:45 GMT - Antoine Martin:
Notes:
- please also see ticket:614#comment:2, this work should allow one to disable crypto completely. So that if the user does not wish to use crypto, no packets should ever trigger any crypto code to be called
- see ticket:198#comment:25
Fri, 13 Nov 2015 13:45:33 GMT - Antoine Martin:
See also #876 and #1029
Tue, 27 Sep 2016 09:30:48 GMT - Antoine Martin: status changed; resolution set
- status
changed from new to closed
- resolution
set to wontfix
Superseded by #1252.
The next release will scale back on the crypto modules too and drop support for pycrypto. (which looks totally unmaintained)
Mon, 20 Feb 2017 12:24:27 GMT - Antoine Martin: milestone changed
- milestone
changed from future to 2.0
2.0 removed support for pycrypto and only supports python-cryptography, see r14512
Sat, 23 Jan 2021 05:00:04 GMT - migration script:
this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/584