Key pair (private and public key)
Condensation uses RSA 2048 key pairs to asymmetrically encrypt and sign data. A key pair consists of a private key, and a corresponding public key:
Key pairs are generated by the application taking part in the Condensation protocol on the device on which that application is running. By generating a key pair, the application implicitly creates an actor.
Private key
The private key consists of three integers:
- a public exponent e, usually 65537
- two 1024-bit primes p and q
The private key should be stored in a safe place on the device on which it was generated, and may be protected with a pin code, a fingerprint, or any other appropriate mechanism.
The primes p and q must be kept secret, and should never leave the device. They should not be backed up. Condensation can deal with lost keys.
Public key
The public key is serialized as an object carrying a record with the following structure:
e public exponent n modulus
Both numbers are encoded as unsigned big-endian integers. The public exponent is usually 65537, which can be encoded with 3 bytes (01 00 01). The modulus is 256 bytes (2048 bits) long.
The order of the two nodes does not matter, but it is recommended to use the above order. Any additional information about the actor should be stored on its public card, and not be added to the public key.
The hash of the public key object is used to identify an actor. Hence, the public key object cannot be modified throughout the lifetime of an actor.
The public key object must be uploaded onto all stores used by the actor.