[winswitch] Reworking Encryption in Xpra

Antoine Martin antoine at nagafix.co.uk
Wed Oct 31 06:48:32 GMT 2012


On 10/31/2012 12:50 PM, Michael Vrable wrote:
> On Tue, Oct 30, 2012 at 10:46:30PM -0700, Michael Vrable wrote:
>> Attached is a first patch (still needs to be tested) at adding better
>> transport-layer encryption to Xpra--it adds message authentication to each of
>> the packets to prevent any tampering of the data stream.  Please don't commit
>> it, as it isn't ready for that yet.
Don't worry, there is no need to rush.

> Does the mailing list strip attachments?  I'm not sure it went through, so here
> it is again inline.
It looks like it does, even though mailman's
"Scrub attachments of regular delivery message?" is turned off..

(snip)
> This assumes that both sides have run some type of key-agreement
> protocol to establish a shared session secret.  I'm working on the key
> exchange part in a separate patch which will follow.
Out of curiosity, what sort of key exchange are you interested in?

> This code isn't yet tested, but should give a basic idea.
Only had a quick glance at it, looks nicely abstracted.
Will take a proper look later.

(I may move the crypto import stuff to where it is used to allow one to
build xpra without the crypto options - no biggie)

Cheers
Antoine




More information about the shifter-users mailing list