This shows you the differences between two versions of the page.
opentag:otlib:crypto [2012/03/26 16:09] jpnorair created |
opentag:otlib:crypto [2014/09/02 20:10] (current) jpnorair v2 update |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Crypto-Security Module (OTlib) ====== | + | ====== Crypto Module (OTlib) ====== |
The [[opentag:main|OpenTag]] crypto security module implements cryptographic transforms and key exchange primitive functions as needed by a subset of crypto-security methods supported in the [[dash7_mode_2:main|DASH7 Mode 2 specification]]. | The [[opentag:main|OpenTag]] crypto security module implements cryptographic transforms and key exchange primitive functions as needed by a subset of crypto-security methods supported in the [[dash7_mode_2:main|DASH7 Mode 2 specification]]. | ||
- | The Crypto-Security Module is experimental and not officially implemented in OpenTag at the time of writing (03-2012). It is reserved for future use (RFU). Any modules named "crypto" or "security" in the [[opentag:otlib:main|OTlib]] are reserved for official use. | + | The crypto module is not required for Mode 2 usage, per se, because the same functionality is available in the [[opentag:otlib:auth|Authentication Module]]. The Authentication Module is specifically set-up for Mode 2 usage, whereas the crypto module is simply a generic interface to the supported cryptographic primitives. |
+ | |||
+ | ===== EAX Cryptography ===== | ||
+ | The primary type of cryptography in OpenTag is EAX. EAX is a cipher based on AES, which offers both privacy and authentication. The EAX specification supported by the OpenTag Crypto Module is specifically: | ||
+ | * 128 bit key | ||
+ | * No header data | ||
+ | * 56 bit (7 byte) Nonce | ||
+ | * 32 bit (4 byte) Authentication Tag | ||
+ | |||
+ | As such, it is best when used with relatively small payloads (<1280 bytes). Indeed, this is exactly what OpenTag tends to work with. The 128 bit key is not viewed as a security issue because the ability to attack OpenTag devices is heavily constrained by the relative slowness of its I/O. |
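Review bot: In the added "EAX Cryptography" section, the closing paragraph defends only the 128 bit key and says nothing about the two parameters that are much tighter, the 32 bit authentication tag and the 56 bit nonce. A 4 byte tag means a blind forgery attempt succeeds with probability of about 1 in 2^32, so the text should say whether the slow-I/O argument is meant to cover tag guessing as well, and whether failed authentications are counted or rate limited. EAX also requires that a nonce never repeat under the same key. The section should therefore state how the 7 byte nonce is generated (counter, random, or derived from frame fields) and what happens to it across a device reset or a key change. The "<1280 bytes" figure is given without a reason; a sentence on where that bound comes from would help readers judge whether it is a hard limit or a recommendation. On wording, "EAX is a cipher based on AES" would be more accurate as "EAX is an authenticated-encryption mode of operation, used here with AES", and "No header data" could note that this means no associated data is authenticated alongside the payload.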