Hi Mike and Andrew,

Thank you for pointing this out. After reading https://www.wireguard.com/ and https://lwn.net/Articles/761939/, it seems like WireGuard offers a secure transport and not the key management features. Unless I missed something?

Regards,
Usman

On Wed, Oct 17, 2018 at 8:55 PM Mike O'Connor <[email protected]> wrote:

> On 17/10/2018 7:44 PM, Andrew Worsley wrote:
> >
> > On 17 Oct 2018 7:00 pm, "Usman Saeed via luv-main"
> > <[email protected]> wrote:
> >
> >     Hi,
> >
> >     I am working on a project involving distributed radio nodes
> >     connected over a wireless network. We are using symmetric key
> >     cryptography for ciphering (AES-256). The radio nodes are running
> >     Linux on a 250MHz processor.
> >
> >     I need a solution to manage the symmetric keys in this network of
> >     nodes, written in C/C++. The solution should be able to manage the
> >     life cycle of the keys. It should be able to auto-generate a new
> >     key (upon expiry or when manually instructed by the user),
> >     securely disseminate it in the network, and archive the old key
> >     after activation of the new key.
> >
> >     I have looked at Key Management Interoperability Protocol (KMIP).
> >     It provides all of these features but sadly there is no
> >     open-source implementation available in C.
> >
> >     Does anyone know a solution for symmetric key management that can
> >     provide these features and is implemented in the open-source domain?
> >
> >     Thanks,
> >     Usman
> >
> > If you are not wedded to AES have a look at WireGuard.
> > https://lwn.net/Articles/761939/
> >
> > It's available on many distributions and automatically handles
> > updating session keys once you have registered each node's public key.
> > I found the lkms package very easy to get under Debian Stretch.
> >
> > It's lightweight, simple and just works without a complex daemon needed.
> >
> > If you want to support many nodes with arbitrary linkage you will
> > need to run some more complex routing system I guess.
> >
> > Andrew
>
> Hi,
>
> I second the idea of using a schema along the lines implemented in
> WireGuard. You might be able to re-purpose the WireGuard kernel module for
> your communications.
>
> You talk about 'secure dissemination' of the keys; WireGuard does
> initially need the keys to be shared, but from there it is all automatic.
>
> Cheers
> Mike
