Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Encrypt the json #47

Open
UnveilTech opened this issue Oct 23, 2024 · 8 comments
Open

Encrypt the json #47

UnveilTech opened this issue Oct 23, 2024 · 8 comments
Labels
enhancement New feature or request
Milestone
1.8

Comments

@UnveilTech
Copy link

Hi Toni,
another suggestion is to encrypt the json sent to the sock/UDP client.

  • architecture:
    nDPId -> internet -> client (sock/UDP)

  • issue:
    the json is clear text and could be intercepted by anyone
    json part contains important data that can not be visible by all

  • solution/proposal:
    encrypt with openssl (ex: cipher method AES-128-CTR) using a special encryption text
    encrypted json must be decrypted by the client (sock/UDP) using C, Go, PHP, etc...

  • ndpid.conf:
    passkey="blablabla..." # take care the value should double quoted because spaces could be allowed
    #'passkey' or whatever you think it'll be the best way
    #argument (ex: -P "blablabla...") also in the command line

what do you think ?

bye Fred
@utoni
Copy link
Owner

utoni commented Oct 23, 2024

That is an idea that I already had in my mind. (See: https://github.com/utoni/nDPId/milestone/3)
I wanted to encrypt the nDPIsrvd connections to it's distributor clients. But doing this within nDPId UDP send is also something I'll consider as it should be more easy to implement as kinda "first crypto support".

@utoni utoni added this to the 1.8 milestone Oct 23, 2024
@UnveilTech
Copy link
Author

excellent !
we'll be happy for testing it as soon as it'll be available...

bye Fred

@UnveilTech
Copy link
Author

Toni,
but think that our proposal is a bit different what you mean with the milestone 1.8 or maybe we're wrong here ;o)
the idea is that the nDPId sends encrypted json to another daemon (ex: ncat, socat, personal tool, etc...)

bye Fred

@utoni
Copy link
Owner

utoni commented Oct 24, 2024

The idea is bit similar so far as it's the same JSON messages which are getting encrypted, but by a different application.

I'll probably start with the nDPId UDP encryption as this might be easier to achieve and may also be reused for other applications such as nDPIsrvd.

@UnveilTech
Copy link
Author

you rock man !!!
we would be happy to test it 👍

bye Fred

@UnveilTech
Copy link
Author

Hi Toni,
we've tested the OpenSSL part to encrypt the Json:
x.zip

we have tested the process and it works fine... so if you could add that to your source code it'll be cool :o)

bye Fred

@utoni
Copy link
Owner

utoni commented Oct 29, 2024

Hi Fred,

thanks for your proposal. Is there any reason why you've used aes256-cbc and not an AEAD i.e. aes256-gcm ?

@UnveilTech
Copy link
Author

Toni,
that's the source from Mistral (French IA, https://mistral.ai/) that we have modified a bit.
we don't care if CBC or GCM, use the mode you think is the best...
the only point we take care is that it must be Go langage compatible, we do use Go as our receiver daemon (nDPId -> Go daemon)
anyway, CBC or GCM or etc..., I think we should find the way with Go :o)

bye Fred

@utoni utoni added the enhancement New feature or request label Nov 1, 2024
@utoni utoni mentioned this issue Nov 19, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
1.8
Development

No branches or pull requests
2 participants
@utoni @UnveilTech