Pairwise X25519 ECDH for Crypt zone-key wrapping.
When a member grants another member access to a zone, the granter
wraps the zone key under a KEK derived from
ECDH(granter_x25519_secret, recipient_x25519_public). The recipient
reproduces the same KEK with
ECDH(recipient_x25519_secret, granter_x25519_public). The two
computations yield the same shared secret because scalar
multiplication on the curve commutes: a*(b*G) = b*(a*G).
HKDF-SHA256 derives the final KEK from the shared secret. The info
parameter binds the wrap to a specific zone so the same
(granter, recipient) pair gets distinct KEKs across zones.
Self-wrap (auto-create) is the special case where granter and
recipient are the same member: ECDH(self_secret, self_public) is a
deterministic value that only the holder of self_secret can
reproduce.
Functions
- pairwise_kek - Compute the pairwise KEK between a local secret and a peer public key, using
info (typically the zone name plus a fixed tag) as the HKDF info parameter.