mirrors/core-lightning
1
0
Fork 0
mirror of https://github.com/ElementsProject/lightning.git synced 2024-11-19 09:54:16 +01:00
Code Issues Projects Releases Wiki Activity
50771b5e76
core-lightning/doc/lightning-getsharedsecret.7
Rusty Russell a00179d557 doc, wiregen: use SHA256 stamps instead of git versions. 
This should be more robust in future: we SHA256 all of the deps.
For wiregen we prefix with EXPERIMENTAL_FEATURES, since it can effect them.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2020-08-31 21:33:26 -05:00

98 lines
3.2 KiB
Groff
Generated
Raw Blame History

.TH "LIGHTNING-GETSHAREDSECRET" "7" "" "" "lightning-getsharedsecret"
.SH NAME
lightning-getsharedsecret - Command for computing an ECDH
.SH SYNOPSIS
\fBgetsharedsecret\fR \fIpoint\fR
.SH DESCRIPTION
The \fBgetsharedsecret\fR RPC command computes a shared secret from a
given public \fIpoint\fR, and the secret key of this node\.
The \fIpoint\fR is a hexadecimal string of the compressed public
key DER-encoding of the SECP256K1 point\.
.SH RETURN VALUE
On success, \fBgetsharedsecret\fR returns a field \fIshared_secret\fR,
which is a hexadecimal string of the 256-bit SHA-2 of the
compressed public key DER-encoding of the SECP256K1 point
that is the shared secret generated using the
Elliptic Curve Diffie-Hellman algorithm\.
This field is 32 bytes (64 hexadecimal characters in a string)\.
This command may fail if communications with the HSM has a
problem;
by default lightningd uses a software "HSM" which should
never fail in this way\.
(As of the time of this writing there is no true hardware
HSM that lightningd can use, but we are leaving this
possibilty open in the future\.)
In that case, it will return with an error code of 800\.
.SH CRYPTOGRAPHIC STANDARDS
This serves as a key agreement scheme in elliptic-curve based
cryptographic standards\.
However, note that most key agreement schemes based on
Elliptic-Curve Diffie-Hellman do not hash the DER-compressed
point\.
Standards like SECG SEC-1 ECIES specify using the X coordinate
of the point instead\.
The Lightning BOLT standard (which \fBlightningd\fR uses), unlike
most other cryptographic standards, specifies the SHA-256 hash
of the DER-compressed encoding of the point\.
It is not possible to extract the X coordinate of the ECDH point
via this API, since there is no known way to reverse the 256-bit
SHA-2 hash function\.
Thus there is no way to implement ECIES and similar standards using
this API\.
If you know the secret key behind \fIpoint\fR, you do not need to
even call \fBgetsharedsecret\fR, you can just multiply the secret key
with the node public key\.
Typically, a sender will generate an ephemeral secret key
and multiply it with the node public key,
then use the result to derive an encryption key
for a symmetric encryption scheme
to encrypt a message that can be read only by that node\.
Then the ephemeral secret key is multiplied
by the standard generator point,
and the ephemeral public key and the encrypted message is
sent to the node,
which then uses \fBgetsharedsecret\fR to derive the same key\.
The above sketch elides important details like
key derivation function, stream encryption scheme,
message authentication code, and so on\.
You should follow an established standard and avoid
rolling your own crypto\.
.SH AUTHOR
ZmnSCPxj \fI<ZmnSCPxj@protonmail.com\fR> is mainly responsible\.
.SH SEE ALSO
.SH RESOURCES
.RS
.IP \[bu]
BOLT 4: \fIhttps://github.com/lightningnetwork/lightning-rfc/blob/master/04-onion-routing.md#shared-secret\fR
.IP \[bu]
BOLT 8: \fIhttps://github.com/lightningnetwork/lightning-rfc/blob/master/08-transport.md#handshake-state\fR
.IP \[bu]
SECG SEC-1 ECIES: \fIhttps://secg.org/sec1-v2.pdf\fR
.IP \[bu]
Main web site: \fIhttps://github.com/ElementsProject/lightning\fR
.RE
\" SHA256STAMP:695c9ea03a16c6698806f3b288c0b7163a112b19791fd81bf7b3f9b032804ca3
Reference in New Issue View Git Blame Copy Permalink