Expand description
ECDH key agreement + HKDF-SHA256 + AES-GCM-128 for NDNCERT 0.3.
The protocol mandates P-256 (prime256v1 / secp256r1) ECDH with:
- HKDF-SHA256 (RFC 5869): IKM = shared_secret, salt = 32-byte CA-provided salt, info = 8-byte request_id → 16-byte AES-128 key
- AES-GCM-128: 12-byte IV (from OS RNG), 16-byte auth tag, request_id as additional associated data (AAD)
Structs§
- Ecdh
Keypair - An ephemeral P-256 ECDH key pair.
- Session
Key - A 128-bit AES-GCM session key derived via ECDH + HKDF.