Function silc_client_add_channel_private_key
SYNOPSIS
SilcBool
silc_client_add_channel_private_key(SilcClient client,
                                    SilcClientConnection conn,
                                    SilcChannelEntry channel,
                                    const char *name,
                                    char *cipher,
                                    char *hmac,
                                    unsigned char *key,
                                    SilcUInt32 key_len,
                                    SilcChannelPrivateKey *ret_key);
DESCRIPTION
Adds a private key for the channel. When a channel has a private key,
the messages are encrypted using that key. All clients on the channel
must also know the key in order to decrypt the messages. However,
it is possible to have several private keys per channel. In this
case only some of the clients on the channel may know one key
and only some the other key. The `name' can be an application-given
name for the key. This returns the created key to the `ret_key'
pointer if it is non-NULL.

If `cipher' and/or `hmac' is NULL then default values will be used
(aes-256-cbc for cipher and hmac-sha1-96 for hmac).

The private key for the channel is optional. If it is not set then the
channel messages are encrypted using the channel key generated by the
server. However, setting the private key (or keys) for the channel
adds significantly to security. If more than one key is set the library
will automatically try all keys at the message decryption phase. Note:
setting many keys slows down the decryption phase as all keys have to
be tried in order to find the correct decryption key. However, setting
a few keys does not have a big impact on decryption performance.
NOTES
NOTE: This is an entirely local setting. The key set using this function
is not sent to the network at any phase.

NOTE: If the key material originated from the SKE protocol (using
silc_client_send_key_agreement) then the `key' MUST be the
key->send_enc_key as this is dictated by the SILC protocol. Currently
it is not expected that SKE key material would be used as a channel
private key, but this API allows it.
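
The "try all keys" behaviour described under DESCRIPTION, as an added Python model that is not SILC Toolkit code: each locally held key is tried in turn and the one whose truncated HMAC-SHA1 (the hmac-sha1-96 default) verifies is selected. It assumes key selection is done by MAC verification and leaves encryption out; the names mac96, seal, find_key and the sample keys are constructed for illustration.

```python
import hashlib
import hmac

MAC_LEN = 12  # hmac-sha1-96 = HMAC-SHA1 truncated to 96 bits (12 bytes)

def mac96(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()[:MAC_LEN]

def seal(key: bytes, payload: bytes) -> bytes:
    """Sender side: append the truncated MAC. `payload` stands in for the
    encrypted message; encryption itself is left out of this model."""
    return payload + mac96(key, payload)

def find_key(keyring, packet: bytes):
    """Receiver side: try every (name, key) pair in order.
    Returns (name, payload, tries); name is None if no local key matches."""
    if len(packet) < MAC_LEN:
        return None, None, 0
    payload, tag = packet[:-MAC_LEN], packet[-MAC_LEN:]
    tries = 0
    for name, key in keyring:
        tries += 1
        # Constant-time comparison so the check does not leak tag bytes.
        if hmac.compare_digest(mac96(key, payload), tag):
            return name, payload, tries
    return None, None, tries

# Constructed sample keys; real keys would be high-entropy secrets.
OPS = b"constructed-ops-key-000000000001"
STAFF = b"constructed-staff-key-0000000002"
alice = [("staff", STAFF), ("ops", OPS)]   # knows both channel private keys
bob = [("staff", STAFF)]                   # knows only one of them

def demo():
    pkt = seal(OPS, b"rotate the gateway certs tonight")
    return find_key(alice, pkt), find_key(bob, pkt)

if __name__ == "__main__":
    for who, (name, payload, tries) in zip(("alice", "bob"), demo()):
        print(who, "key:", name, "tries:", tries)
```

The number of MAC checks per message grows with the number of keys held, which is the slowdown the description warns about; a client without the matching key exhausts its keyring and cannot read the message.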