Module themis::secure_session
Secure Session service.
Secure Session is a lightweight mechanism for securing any kind of network communication (both private and public networks, including the Internet). It is protocol-agnostic and operates on the 5th layer of the network OSI model (the session layer).
Communication over Secure Session consists of two stages:
- negotiation stage (key agreement);
- actual data exchange.
During the negotiation stage, peers exchange their cryptographic material and authenticate each other. After a successful mutual authentication, each peer derives a session-shared secret and other auxiliary info from the session (session ID, initial vectors, etc.).
During the data exchange stage, peers securely exchange data provided by higher layer protocols.
Examples
Secure Session usage is relatively involved, so a complete working example is provided in the documentation: client and server.
To sum it up, you begin by implementing a SecureSessionTransport. You have to implement at least the get_public_key_for_id method and may want to implement some others. Then you acquire the asymmetric key pairs and distribute the public keys associated with peer IDs — arbitrary byte strings used to identify communicating Secure Sessions. With that you can create an instance of SecureSession on both the client and the server.
Next you go through the negotiation stage using connect and negotiate methods until the connection is_established. After that the Secure Sessions are ready for data exchange which is performed using send and receive methods.
There is also an alternative buffer-oriented API. See SecureSession documentation to learn more.
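The peer-ID-to-public-key lookup described above is where each side decides which peers it will authenticate. The following is an added example, not code from the Themis project: a std-only sketch of a pinned key store that such a lookup could delegate to. PeerKeyLookup, PinnedPeers and PinError are hypothetical names, and keys are modelled as raw bytes as an assumption so the block builds without the themis crate.

```rust
use std::collections::HashMap;

// Stand-in for the key-lookup method of SecureSessionTransport (assumption:
// keys are raw bytes here so the example builds with std only).
trait PeerKeyLookup {
    fn get_public_key_for_id(&mut self, id: &[u8]) -> Option<Vec<u8>>;
}

#[derive(Debug, PartialEq)]
enum PinError { EmptyId, KeyMismatch }

// Peer ID -> public key pins, loaded out of band before any session starts.
#[derive(Default)]
struct PinnedPeers {
    keys: HashMap<Vec<u8>, Vec<u8>>,
    rejected: Vec<Vec<u8>>, // unknown IDs seen during lookups, kept for alerting
}

impl PinnedPeers {
    // Re-pinning the same key is a no-op; a different key for a known ID is refused.
    fn pin(&mut self, id: &[u8], key: &[u8]) -> Result<(), PinError> {
        if id.is_empty() { return Err(PinError::EmptyId); }
        if let Some(old) = self.keys.get(id) {
            return if old.as_slice() == key { Ok(()) } else { Err(PinError::KeyMismatch) };
        }
        self.keys.insert(id.to_vec(), key.to_vec());
        Ok(())
    }
    // Rotation requires an explicit revoke followed by a fresh pin.
    fn revoke(&mut self, id: &[u8]) -> bool { self.keys.remove(id).is_some() }
}

impl PeerKeyLookup for PinnedPeers {
    // Exact byte match only; an unknown ID returns None and is recorded.
    fn get_public_key_for_id(&mut self, id: &[u8]) -> Option<Vec<u8>> {
        let found = self.keys.get(id).cloned();
        if found.is_none() { self.rejected.push(id.to_vec()); }
        found
    }
}

fn main() {
    let mut peers = PinnedPeers::default();
    peers.pin(b"server", b"constructed-server-key").unwrap(); // constructed sample values
    let known = peers.get_public_key_for_id(b"server").is_some();
    let lookalike = peers.get_public_key_for_id(b"Server").is_some();
    println!("known={} lookalike={} rejected={}", known, lookalike, peers.rejected.len());
}
```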
Structs
SecureSession | Secure Session context. |
TransportError | Transport layer error. |
Enums
SecureSessionState | State of Secure Session connection. |
Traits
SecureSessionTransport | Transport delegate for Secure Session. |