blob: 64502fbb132268512ffa8fe38b9f68fb9e223d21 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
|
### Example Ouroboros encryption configuration file
#
# This file specifies the key exchange (KEX) algorithm and cipher to use
# for encrypted flows.
#
# File Locations:
# ---------------
#
# This file should be placed at one of:
# @OUROBOROS_CONFIG_DIR@/security/server/<name>/enc.conf (server-side config)
# @OUROBOROS_CONFIG_DIR@/security/client/<name>/enc.conf (client-side config)
#
# Where <name> is the service name registered with 'irm name create'.
#
# You can override the default paths using:
# irm name create <name> sencpath <server-enc-path> cencpath <client-enc-path>
#
# Configuration Options:
# ----------------------
#
# kex=<algorithm> Key exchange/encapsulation algorithm
# cipher=<cipher> Symmetric cipher algorithm
# kdf=<hash> Key derivation function hash algorithm
# kem_mode=<mode> KEM encapsulation mode (server or client)
# none Explicitly disable encryption
#
# Supported KEX algorithms (kex=):
# --------------------------------
#
# ECDH Curves:
# prime256v1 NIST P-256 (default)
# secp384r1 NIST P-384
# secp521r1 NIST P-521
# X25519 Curve25519
# X448 Curve448
#
# Finite Field Diffie-Hellman (RFC 7919):
# ffdhe2048 2048-bit MODP Group
# ffdhe3072 3072-bit MODP Group
# ffdhe4096 4096-bit MODP Group
#
# ML-KEM (FIPS 203):
# ML-KEM-512 CRYSTALS-Kyber-512
# ML-KEM-768 CRYSTALS-Kyber-768
# ML-KEM-1024 CRYSTALS-Kyber-1024
#
# Hybrid KEMs:
# X25519MLKEM768 X25519 + ML-KEM-768
# X448MLKEM1024 X448 + ML-KEM-1024
#
# Supported cipher algorithms (cipher=):
# --------------------------------------
#
# Authenticated encryption:
# aes-128-gcm AES-128 in GCM mode
# aes-192-gcm AES-192 in GCM mode
# aes-256-gcm AES-256 in GCM mode (default)
# chacha20-poly1305 ChaCha20-Poly1305
#
# Stream ciphers (not recommended):
# aes-128-ctr AES-128 in CTR mode
# aes-192-ctr AES-192 in CTR mode
# aes-256-ctr AES-256 in CTR mode
#
# Key Derivation Functions (kdf=):
# ---------------------------------
#
# Hash algorithms for key derivation in KEX operations:
#
# sha256 SHA-256 (default)
# sha384 SHA-384
# sha512 SHA-512
# sha3-256 SHA3-256
# sha3-384 SHA3-384
# sha3-512 SHA3-512
# blake2b512 BLAKE2b-512 (requires OpenSSL 1.1.0+)
# blake2s256 BLAKE2s-256 (requires OpenSSL 1.1.0+)
#
# KEM Mode (kem_mode=):
# ---------------------
#
# For KEM algorithms (ML-KEM-* and hybrid KEMs), specify which side
# performs the encapsulation operation:
#
# server Server encapsulates to client's ephemeral public key (default, matches TLS 1.3)
# - Client generates ephemeral keypair, sends public key in request
# - Server encapsulates and sends ciphertext in response
# - Client decapsulates with ephemeral private key
# - Standard approach, no pre-shared keys needed
#
# client Client encapsulates to server's static public key (alternative)
# - Requires cached server public key at:
# @OUROBOROS_CONFIG_DIR@/security/client/<service>/kex.srv.pub.[pem|raw]
# - Client encapsulates and sends ciphertext in initial request
# - Server decapsulates with its static private key from:
# @OUROBOROS_CONFIG_DIR@/security/server/kex.key.pem
# - More efficient (0 round-trip) but requires key distribution
# and forfeits forward secrecy
#
# Note: Both sides must use the same kem_mode setting.
# This option is ignored for ECDH/DH key exchange algorithms.
#
# Key Management for Client Mode:
# --------------------------------
#
# For client encapsulation mode, you must:
# 1. Generate server KEM keypair:
# openssl genpkey -algorithm ML-KEM-768 \
# -out @OUROBOROS_CONFIG_DIR@/security/server/kex.key.pem
# 2. Extract and distribute server public key:
# openssl pkey -in kex.key.pem -pubout -out kex.srv.pub.pem
# 3. Cache on clients at:
# @OUROBOROS_CONFIG_DIR@/security/client/<service-name>/kex.srv.pub.pem
#
# File formats:
# - Pure ML-KEM: PEM format (.pem extension)
# - Hybrid KEMs: Raw bytes (.raw extension)
#
# Examples:
# ---------
#
# Default configuration (NIST P-256 ECDH + AES-256-GCM):
kex=prime256v1
cipher=aes-256-gcm
kdf=sha256
#
# Post-quantum KEX with server encapsulation (default, like TLS 1.3):
# kex=ML-KEM-768
# cipher=chacha20-poly1305
# kdf=sha256
# kem_mode=server
#
# Post-quantum KEX with client encapsulation (requires key distribution):
# kex=ML-KEM-768
# cipher=chacha20-poly1305
# kdf=sha256
# kem_mode=client
#
# Hybrid KEX (quantum-resistant):
# kex=X25519MLKEM768
# cipher=aes-256-gcm
# kdf=sha256
#
# High security configuration:
# kex=secp521r1
# cipher=aes-256-gcm
# kdf=sha512
#
# Disable encryption:
# none
|
