new algorithms

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

new algorithms

Giovanni Fontana
Hello everybody,

my name is Giovanni Fontana. I made a new symmetric crypto algorithm (let’s call it algo1) and a new asymmetric crypto algorithm (let’s call it algo2).

I use algo2 for key exchange and with that I can create a session key to cipher and decipher with algo1, so Alice and Bob can communicate each other in secure way.

I wish to import those algorithms inside OpenSSL in order to use some features of this suite (i.e. creation of x509 certificate with algo1 and algo2, and/or TLS and SSL connection always with algo1 and algo2).
My first tries were not successful. 
Could you please tell me each step I have to do in order to achieve my targets? Or share with me some Internet links where those steps are already defined?

Below some info that may help you in answer me:
- The version of OpenSSL I’m playing with is 1.1.1b
- The OS is Linux Ubuntu 14.04
- Of course my algorithms are written in C.

Further question (probably to ask elsewhere inside OpenSSL organisation):
If in the next future with my algorithms I can have some business, which kind of license I need to have with OpenSSL then?

Thank in advance
Kind regards
Reply | Threaded
Open this post in threaded view
|

Re: new algorithms

Dennis Clarke-2
On 4/8/19 11:48 AM, Giovanni Fontana wrote:
> Hello everybody,
>
> my name is Giovanni Fontana. I made a new symmetric crypto algorithm
> (let’s call it *algo1*) and a new asymmetric crypto algorithm (let’s
> call it *algo2*).
>
> I use algo2 for key exchange and with that I can create a session key to
> cipher and decipher with algo1, so Alice and Bob can communicate each
> other in secure way.

I think you would need to publish the algorithm at some point. Is there
a github link perhaps?

Dennis


Reply | Threaded
Open this post in threaded view
|

Re: new algorithms

Giovanni Fontana
Hi Clarke,

Thanks for the email.
Sure, I want to publish the algorithm, but not yet... waiting for establishing a company. 
For similar reasons no github usage at moment.

Giovanni 



Il giorno lun 8 apr 2019 alle 18:06 Dennis Clarke <[hidden email]> ha scritto:
On 4/8/19 11:48 AM, Giovanni Fontana wrote:
> Hello everybody,
>
> my name is Giovanni Fontana. I made a new symmetric crypto algorithm
> (let’s call it *algo1*) and a new asymmetric crypto algorithm (let’s
> call it *algo2*).
>
> I use algo2 for key exchange and with that I can create a session key to
> cipher and decipher with algo1, so Alice and Bob can communicate each
> other in secure way.

I think you would need to publish the algorithm at some point. Is there
a github link perhaps?

Dennis


Reply | Threaded
Open this post in threaded view
|

Re: new algorithms

Viktor Dukhovni
In reply to this post by Giovanni Fontana
On Mon, Apr 08, 2019 at 05:48:56PM +0200, Giovanni Fontana wrote:

> my name is Giovanni Fontana. I made a new symmetric crypto algorithm (let’s
> call it *algo1*) and a new asymmetric crypto algorithm (let’s call it
> *algo2*).

Recent additions to OpenSSL include X25519, Ed25519 and ChaCha20.
If, for some reason, you believe that an important security problem
we're facing is an insufficient number of available algorithms, you
can study how these recent algorithms are integrated into OpenSSL
generally, X.509, CMS and TLS, and integrate your algorithms in a
similar manner.

You might also take a look at the OpenSSL master (3.0) development
branch, which introduces changes to the internal architecture that
are intended to better facilitate integration of external cryptographic
modules.

--
        Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: new algorithms

OpenSSL - User mailing list
In reply to this post by Giovanni Fontana
  • Sure, I want to publish the algorithm, but not yet... waiting for establishing a company. 

 

This is a bit off-topic, but trying to make money from a cryptographic algorithm isn’t really done any more.  RSA was locked up by patents, and there were some elliptic curve patents that have since expired, but nobody really trusts private algorithms any more. There’s too much good stuff readily available.

 

To answer your other question: OpenSSL is covered by the Apache license and any contributions should also use the same license or they will not be accepted. And cryptography, in particular, has to be used by a recognized standards body.

 

Good luck.

 

Reply | Threaded
Open this post in threaded view
|

Re: new algorithms

Tobias Nießen
In reply to this post by Giovanni Fontana
> creation of x509 certificate with algo1 and algo2, and/or TLS and SSL
> connection always with algo1 and algo2
As far as I know, you will need to have an OID assigned for each
algorithm for x509 certificates. You can add those to OpenSSL manually,
but you won't be able to communicate with any other software that does
not implement them. (And as Rich said, there is little reason for people
to trust and use non-standard algorithms.)
Reply | Threaded
Open this post in threaded view
|

Re: new algorithms

Teja Prabhu
1. dasync_aes128_cbc_cipher (search for this in https://github.com/openssl/openssl/blob/master/engines/e_dasync.c) || replace it with your symmetric cipher, and do the same for RSA.
2. setup a server and client and hard-code the symmetric & asymmetric ciphers to your ciphers
3. your idea is simply not going to work. Like Tobias said, you have to add them manually. I suggest you simply not use OpenSSL or any TLS library, unless you have a lot of clout in the International Communication Union.

You can take Mega's approach and use javascript since every browser under the sun has it (as an additional layer over TLS).

Teja Prabhu


On Mon, Apr 8, 2019 at 7:06 PM Tobias Nießen <[hidden email]> wrote:
> creation of x509 certificate with algo1 and algo2, and/or TLS and SSL
> connection always with algo1 and algo2
As far as I know, you will need to have an OID assigned for each
algorithm for x509 certificates. You can add those to OpenSSL manually,
but you won't be able to communicate with any other software that does
not implement them. (And as Rich said, there is little reason for people
to trust and use non-standard algorithms.)
Reply | Threaded
Open this post in threaded view
|

Re: new algorithms

Giovanni Fontana
Thank you every one for the answers and tips, really a great and active group!

Thank you also to Teja and Tobias who has just wrote some suggestion on how I can  have a technical shortcut to prove the functionality of my algorithms in very limited environment.
What I asked is to move a first step (after the algorithms) to have a demo before to setup a company. 
For my limited knowledge I know  the algorithms need to be published and security must be proved for some authorities. All I need to prove is the algorithms works in the real world and openSSL is one of the most used tool to do that, then the other steps

Thank you again for your answer, this is what I really need.

Giovanni



Il giorno lun 8 apr 2019 alle ore 19:23 Teja Prabhu <[hidden email]> ha scritto:
1. dasync_aes128_cbc_cipher (search for this in https://github.com/openssl/openssl/blob/master/engines/e_dasync.c) || replace it with your symmetric cipher, and do the same for RSA.
2. setup a server and client and hard-code the symmetric & asymmetric ciphers to your ciphers
3. your idea is simply not going to work. Like Tobias said, you have to add them manually. I suggest you simply not use OpenSSL or any TLS library, unless you have a lot of clout in the International Communication Union.

You can take Mega's approach and use javascript since every browser under the sun has it (as an additional layer over TLS).

Teja Prabhu


On Mon, Apr 8, 2019 at 7:06 PM Tobias Nießen <[hidden email]> wrote:
> creation of x509 certificate with algo1 and algo2, and/or TLS and SSL
> connection always with algo1 and algo2
As far as I know, you will need to have an OID assigned for each
algorithm for x509 certificates. You can add those to OpenSSL manually,
but you won't be able to communicate with any other software that does
not implement them. (And as Rich said, there is little reason for people
to trust and use non-standard algorithms.)
Reply | Threaded
Open this post in threaded view
|

Re: new algorithms

Michael Richardson
In reply to this post by Tobias Nießen

    >> creation of x509 certificate with algo1 and algo2, and/or TLS and SSL
    >> connection always with algo1 and algo2

Tobias Nießen <[hidden email]> wrote:
    > As far as I know, you will need to have an OID assigned for each
    > algorithm for x509 certificates. You can add those to OpenSSL manually,
    > but you won't be able to communicate with any other software that does
    > not implement them. (And as Rich said, there is little reason for
    > people to trust and use non-standard algorithms.)

But, if your goal is private testing of your stuff, then any OID will do,
including one you allocate with a Private Enterprise Number, which you can get from
IANA by filling out a simple form.
You'll likely have to add the OIDs to the object.txt and run some scripts.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     [hidden email]  http://www.sandelman.ca/        |   ruby on rails    [


signature.asc (497 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: new algorithms

FooCrypt
In reply to this post by Giovanni Fontana
HI Giovanni

Depending on the country you are located in, you may need to check the current status of your countries regulatory legislation regarding encryption technologies. 

Participating countries : https://www.wassenaar.org/participating-states/ [ contacts ] & encryption is listed under Dual List Technologies : https://www.wassenaar.org/ is always a good place to start before drilling into your own locations specific regulations on encryption technologies.

All the best mate and hoping your invention prospers.


-- 

Regards,

Mark A. Lane   

© Mark A. Lane 1980 - 2019, All Rights Reserved.
© FooCrypt 1980 - 2019, All Rights Reserved.
© FooCrypt, A Tale of Cynical Cyclical Encryption. 1980 - 2019, All Rights Reserved.
© Cryptopocalypse 1980 - 2019, All Rights Reserved.

On 9 Apr 2019, at 03:50, Giovanni Fontana <[hidden email]> wrote:

Thank you every one for the answers and tips, really a great and active group!

Thank you also to Teja and Tobias who has just wrote some suggestion on how I can  have a technical shortcut to prove the functionality of my algorithms in very limited environment.
What I asked is to move a first step (after the algorithms) to have a demo before to setup a company. 
For my limited knowledge I know  the algorithms need to be published and security must be proved for some authorities. All I need to prove is the algorithms works in the real world and openSSL is one of the most used tool to do that, then the other steps

Thank you again for your answer, this is what I really need.

Giovanni



Il giorno lun 8 apr 2019 alle ore 19:23 Teja Prabhu <[hidden email]> ha scritto:
1. dasync_aes128_cbc_cipher (search for this in https://github.com/openssl/openssl/blob/master/engines/e_dasync.c) || replace it with your symmetric cipher, and do the same for RSA.
2. setup a server and client and hard-code the symmetric & asymmetric ciphers to your ciphers
3. your idea is simply not going to work. Like Tobias said, you have to add them manually. I suggest you simply not use OpenSSL or any TLS library, unless you have a lot of clout in the International Communication Union.

You can take Mega's approach and use javascript since every browser under the sun has it (as an additional layer over TLS).

Teja Prabhu


On Mon, Apr 8, 2019 at 7:06 PM Tobias Nießen <[hidden email]> wrote:
> creation of x509 certificate with algo1 and algo2, and/or TLS and SSL
> connection always with algo1 and algo2
As far as I know, you will need to have an OID assigned for each
algorithm for x509 certificates. You can add those to OpenSSL manually,
but you won't be able to communicate with any other software that does
not implement them. (And as Rich said, there is little reason for people
to trust and use non-standard algorithms.)