On 17/10/2018 7:44 PM, Andrew Worsley wrote:
On 17 Oct 2018 7:00 pm, "Usman Saeed via luv-main" <luv-main@luv.asn.au <mailto:luv-main@luv.asn.au>> wrote:
Hi,
I am working on a project involving distributed radio nodes connected over a wireless network. We are using symmetric key cryptography for ciphering (AES-256). The radio nodes are running Linux on a 250MHz processor. I need a solution to manage the symmetric keys in this network of nodes, written in C/C++. The solution should be able to manage the life cycle of the keys. It should be able to auto-generate a new key (upon expiry or when manually instructed by the user) and securely disseminate it in the network and archive the old key after activation of the new key. I have looked at Key Management Interoperability Protocol (KMIP). It provides all of these features but sadly there is no open-source implementation available in C. Does anyone know a solution for symmetric key management that can provide these features and implemented in the open-source domain?
Thanks, Usman
If you are not wedded to AES have a look at wireguard. https://lwn.net/Articles/761939/
It's available on many distributions are automatically handles updating session keys once you have registered each nodes public key. I found the lkms package very easy get under Debian Stretch.
It's light weight, simple and just works without complex Daemon needed. If you want to support many nodes with arbitrary linkage you will need to run some more complex routing system I guess.
Andrew
Hi, I second the idea of using a schema along the lines implemented in WireGuard. You might be able re-purpose the WireGuard kernel module for your communications. Your talk about 'securely dissemination' of the keys, WireGuard does initially need the keys to be shared but from there is its all automatic. Cheers Mike