[winswitch] Reworking Encryption in Xpra
mvrable at google.com
Wed Oct 31 05:46:30 GMT 2012
A couple of weeks back I was taking a look at some of the encryption
code in Xpra and was thinking that the code could use some improvements
(see bug #198). I haven't had as much time to work on this on my own as
I'd like (since it's really just been in my free time on
evenings/weekends), but have made some progress.
Attached is a first patch (still needs to be tested) at adding better
transport-layer encryption to Xpra--it adds message authentication to each of
the packets to prevent any tampering of the data stream. Please don't commit
it, as it isn't ready for that yet. I'm also working on a patch to implement
key exchange at the start of a connection (the patch I'm posting will require
that to work); I'm currently doing some testing on that and need to get a final
approval to release it. Hopefully that will be done in the next few days, and
I'll send it here to be looked at too.
This is definitely still work in progress, and will warrant a security
review before it should be trusted, but should be a good first step.
More information about the shifter-users