All the encryption layers for SAFEnet

Great stuff

This is a bit out of date, the client has a bootstrap list, so you will get a public key to encrypt to that node. That allows you to pass a key in anonymous nodes for messages from the bootstrap node. On login or join as a client you will get your real keys and connect to your group (they check the request with your address and keys). As a vault you already have a proper connection key so the first bit is not required.
This way all messages are encrypted from message 1 :wink: This prevents man in the middle attacks on join, in normal mode they are already protected as you have spotted. Good analysis

It is a bit mental, but kinda has to be these days I think.

9 Likes