xpra icon
Bug tracker and wiki

This bug tracker and wiki are being discontinued
please use https://github.com/Xpra-org/xpra instead.


Changes between Initial Version and Version 1 of Encryption/AES


Ignore:
Timestamp:
08/09/16 04:16:07 (5 years ago)
Author:
Antoine Martin
Comment:

spit from main page

Legend:

Unmodified
Added
Removed
Modified
  • Encryption/AES

    v1 v1  
     1= AES [/wiki/Encryption] =
     2
     3[[BR]]
     4
     5{{{#!div class="box"
     6== Introduction ==
     7Use this option if you can securely distribute the AES key to each client.
     8[[BR]]
     9Xpra's AES encryption layer uses either the [http://www.pycrypto.org/ pycrypto] or the [https://pypi.python.org/pypi/cryptography cryptography] python library to:
     10* encrypt the network packets with [http://en.wikipedia.org/wiki/Advanced_Encryption_Standard AES] (`Advanced Encryption Standard`) [http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher-block_chaining_.28CBC.29 CBC mode] (`Cipher-block chaining`)
     11* stretch the "passwords" with [http://en.wikipedia.org/wiki/PBKDF2 PBKDF2] (`Password-Based Key Derivation Function 2`)
     12The salts used are generated using Python's [http://docs.python.org/2/library/uuid.html#uuid.uuid4 uuid.uuid4()]
     13}}}
     14
     15
     16{{{#!div class="box"
     17== Usage ==
     18
     19The encryption key to use must be specified with the "{{{--encryption-keyfile=FILENAME}}}" command line option or it will fallback to the password from the [/wiki/Authentication authentication module] in use, which may not be as safe.
     20
     21The contents of this key are combined with salts to generate the secret used to initialize the AES cipher.
     22}}}
     23
     24{{{#!div class="box"
     25== Example ==
     26
     27* server
     28{{{
     29xpra start --start=xterm \
     30    --bind-tcp=0.0.0.0:10000 \
     31    --tcp-encryption=AES --tcp-encryption-keyfile=key.txt
     32}}}
     33* client:
     34{{{
     35xpra attach tcp:$SERVERIP:10000 \
     36    --tcp-encryption=AES --tcp-encryption-keyfile=./key.txt
     37}}}
     38}}}