Hi Mike and Andrew,
Thank you for pointing this out. After reading
, it seems like WireGuard offers a
secure transport and not the key management features. Unless I
On Wed, Oct 17, 2018 at 8:55 PM Mike O'Connor <mike(a)pineview.net> wrote:
On 17/10/2018 7:44 PM, Andrew Worsley wrote:
On 17 Oct 2018 7:00 pm, "Usman Saeed via luv-main"
<luv-main(a)luv.asn.au <mailto:email@example.com>> wrote:
I am working on a project involving distributed radio nodes
connected over a wireless network. We are using symmetric key
cryptography for ciphering (AES-256). The radio nodes are running
Linux on a 250MHz processor.
I need a solution to manage the symmetric keys in this network of
nodes, written in C/C++. The solution should be able to manage the
life cycle of the keys. It should be able to auto-generate a new
key (upon expiry or when manually instructed by the user) and
securely disseminate it in the network and archive the old key
after activation of the new key.
I have looked at Key Management Interoperability Protocol (KMIP).
It provides all of these features but sadly there is no
open-source implementation available in C.
Does anyone know a solution for symmetric key management that can
provide these features and implemented in the open-source domain?
If you are not wedded to AES have a look at wireguard.
It's available on many distributions are automatically handles
updating session keys once you have registered each nodes public key.
I found the lkms package very easy get under Debian Stretch.
It's light weight, simple and just works without complex Daemon needed.
If you want to support many nodes with arbitrary linkage you will
need to run some more complex routing system I guess.
I second the idea of using a schema along the lines implemented in
WireGuard. You might be able re-purpose the WireGuard kernel module for
Your talk about 'securely dissemination' of the keys, WireGuard does
initially need the keys to be shared but from there is its all automatic.