mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-11 13:44:56 +03:00
mukul975
3.0 KiB
3.0 KiB
Workflows - End-to-End Encryption for Messaging
Workflow 1: X3DH Key Agreement
Alice (initiator) Server Bob (responder)
| | |
| |<-- Register: |
| | Identity Key (IK_B) |
| | Signed PreKey (SPK_B)|
| | One-Time PreKeys |
| | |
|-- Fetch Bob's Keys ----------->| |
|<-- IK_B, SPK_B, OPK_B --------| |
| | |
[Compute shared secret]: |
DH1 = DH(IK_A, SPK_B) |
DH2 = DH(EK_A, IK_B) |
DH3 = DH(EK_A, SPK_B) |
DH4 = DH(EK_A, OPK_B) |
SK = HKDF(DH1 || DH2 || DH3 || DH4) |
| | |
|-- Send Initial Message ------->|-- Forward to Bob ------>|
| (IK_A, EK_A, OPK_id, msg) | |
| | [Bob computes same SK]|
Workflow 2: Double Ratchet (Sending)
[Message to Send]
|
[Check: Do we have recipient's new DH public key?]
YES --> [DH Ratchet Step]
- Generate new DH key pair
- Compute DH shared secret
- Derive new root key + sending chain key via HKDF
NO --> [Continue with current sending chain]
|
[Symmetric Ratchet: Derive message key from sending chain]
(chain_key, message_key) = HMAC(chain_key, constants)
|
[Encrypt message with AES-256-GCM using message_key]
|
[Include header: DH public key, previous chain length, message number]
|
[Delete message_key from memory]
Workflow 3: Double Ratchet (Receiving)
[Received Encrypted Message + Header]
|
[Check DH public key in header]
[New key?]
YES --> [DH Ratchet Step]
- Compute DH shared secret
- Derive new root key + receiving chain key
NO --> [Use current receiving chain]
|
[Symmetric Ratchet: Derive message key]
|
[Decrypt message with AES-256-GCM]
|
[Verify authentication tag]
FAIL --> Reject message
PASS --> Return plaintext
|
[Delete message_key from memory]
Workflow 4: Session Lifecycle
[Initial Contact] --> [X3DH Key Exchange]
|
[Initialize Double Ratchet]
|
[Exchange Messages]
(DH ratchet + symmetric ratchet)
|
[Periodic DH Ratchet]
(every N messages or on reply)
|
[Session End / Archive]