Description
Created by robert-cronin
This issue is about specifying how we actually intend to use asymmetric crypto to:
- Present identities of keynodes
- Authenticate/verify the identity of keynodes
- Generate subkeys/vault-keys as the encryption/decryption keys for the vaults (which is ultimately symmetric)
- Establish secure communication channels between keynodes
The 2 modern algorithms for signing and encryption/decryption are:
AKA: "Ed25519" or "X25519".
We currently use node-forge's implementation of RSA keys, with a 4096 bit keypair. In doing so, we're limited in how transferable our public keys are. For example, the node ID of a keynode is required to be translated to a 'public key fingerprint' (a base64 encoding of a sha256 sum of the ASN.1 SubjectPublicKeyInfo encoding of the RSA public key) in order to be transferable as an ID. Once we transition to ed25519, we can simply use the public key (256 bits) as the node ID. This would also simplify the process of #148.
Requires more research, in particular how to turn an existing ed25519 keypair (signing/verification only) into an x25519 key (encryption/decryption). There are articles to explain this process; we just need to research how best to do this in nodejs.
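An added example, not from the issue or the project's code base: one way to do the Ed25519 to X25519 conversion raised above in Node.js, using the standard birational map between the Edwards and Montgomery forms of Curve25519 (the approach libsodium takes in `crypto_sign_ed25519_pk_to_curve25519`). All function names are hypothetical, and it assumes a Node.js version whose `crypto` module supports JWK key export and the `base64url` encoding.

```javascript
// Added example (not from the issue): Ed25519 -> X25519 conversion with node:crypto.
const nodeCrypto = require('node:crypto');

const P = 2n ** 255n - 19n; // Curve25519 field prime
// Fixed DER headers that wrap a raw 32-byte X25519 key (OID 1.3.101.110).
const X25519_PKCS8 = Buffer.from('302e020100300506032b656e04220420', 'hex');
const X25519_SPKI = Buffer.from('302a300506032b656e032100', 'hex');

// Square-and-multiply; used to invert mod P via Fermat's little theorem.
function modPow(base, exp, mod) {
  let result = 1n;
  for (base %= mod; exp > 0n; exp >>= 1n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
  }
  return result;
}

// Raw Ed25519 public key -> raw X25519 public key: u = (1 + y) / (1 - y) mod p.
function edPublicToX25519(edPub) {
  const le = Buffer.from(edPub); // copy; encoding is y little-endian + sign bit of x
  le[31] &= 0x7f;
  const y = BigInt('0x' + le.reverse().toString('hex')) % P;
  if (y === 1n) throw new Error('y = 1 has no Montgomery image');
  const u = ((1n + y) * modPow(P + 1n - y, P - 2n, P)) % P;
  return Buffer.from(u.toString(16).padStart(64, '0'), 'hex').reverse();
}

// Ed25519 seed -> X25519 scalar: first 32 bytes of SHA-512(seed), clamped.
function edSeedToX25519(seed) {
  const h = Buffer.from(nodeCrypto.createHash('sha512').update(seed).digest().subarray(0, 32));
  h[0] &= 248; h[31] &= 127; h[31] |= 64;
  return h;
}

// Convert a Node Ed25519 private KeyObject into an X25519 KeyObject pair.
function toX25519KeyPair(edPrivateKey) {
  const { d, x } = edPrivateKey.export({ format: 'jwk' });
  const scalar = edSeedToX25519(Buffer.from(d, 'base64url'));
  const rawPub = edPublicToX25519(Buffer.from(x, 'base64url'));
  return {
    privateKey: nodeCrypto.createPrivateKey({
      key: Buffer.concat([X25519_PKCS8, scalar]), format: 'der', type: 'pkcs8' }),
    publicKey: nodeCrypto.createPublicKey({
      key: Buffer.concat([X25519_SPKI, rawPub]), format: 'der', type: 'spki' }),
  };
}
```

A peer that knows only a keynode's Ed25519 public key needs just `edPublicToX25519`; the two converted key pairs can then be passed to `crypto.diffieHellman` to agree on a shared secret.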