Exploring Cryptographic Implementations in OpenZiti for Enhancing Security

Hi everyone,

I'm delving into the cryptographic aspects of OpenZiti. I'm interested in understanding the current cryptographic implementations within OpenZiti.

Could anyone share insights or direct me to resources on the following:

Current Cryptographic Framework: What cryptographic methods does OpenZiti currently employ? How are these methods integrated within the system?

Cryptographic Modules: Could someone point me to the files or modules within the OpenZiti codebase that are primarily responsible for implementing cryptographic functions? I am interested in both the encryption/decryption mechanisms and how cryptographic keys are managed.

Thank you for your time and assistance!

OpenZiti has end-to-end encryption provided by libsodium. See: Key Concepts | OpenZiti and Connection Security | OpenZiti

libsodium uses ChaCha20-Poly1305; see ChaCha20-Poly1305 - Libsodium documentation

It's in a myriad of SDKs. I'd start by looking at the C SDK, the Go SDK, etc.

OpenZiti also supports mutual TLS between nodes, so it's not just the end-to-end encryption that's useful to understand; you'll also want to look at the code for how links form between routers as well as how SDKs attach to edge routers.

hth

1 Like
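To make concrete what the ChaCha20-Poly1305 AEAD named above gives an OpenZiti session, here is an added example (not OpenZiti or libsodium code) implementing the IETF variant of the construction (RFC 8439: 96-bit nonce, block 0 of the keystream as the Poly1305 one-time key, 16-byte tag) in pure Python, so the two properties can be seen together: confidentiality from the ChaCha20 keystream and tamper detection from the tag. The key, nonce and associated data in the test are constructed; real deployments use the libsodium binding rather than a reimplementation.

```python
import hmac
import struct

def _qr(s, a, b, c, d):  # ChaCha quarter round, in place
    for x, y, z, rot in ((a, b, d, 16), (c, d, b, 12), (a, b, d, 8), (c, d, b, 7)):
        s[x] = (s[x] + s[y]) & 0xFFFFFFFF
        s[z] ^= s[x]
        s[z] = ((s[z] << rot) & 0xFFFFFFFF) | (s[z] >> (32 - rot))

def chacha20_block(key, counter, nonce):
    """One 64-byte keystream block: constants | 256-bit key | 32-bit counter | 96-bit nonce."""
    init = list(struct.unpack("<16I", b"expand 32-byte k" + key + struct.pack("<I", counter) + nonce))
    s = init[:]
    for _ in range(10):  # 10 double rounds (column + diagonal) = 20 rounds
        for q in ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
                  (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)):
            _qr(s, *q)
    return struct.pack("<16I", *[(s[i] + init[i]) & 0xFFFFFFFF for i in range(16)])

def chacha20_xor(key, nonce, data, counter=1):
    """XOR data with the keystream; counter starts at 1 because block 0 is the Poly1305 key."""
    out = bytearray(data)
    for i in range(len(data)):
        if i % 64 == 0:
            ks = chacha20_block(key, counter + i // 64, nonce)
        out[i] ^= ks[i % 64]
    return bytes(out)

def poly1305(otk, msg):
    """One-time MAC over 16-byte blocks mod 2^130-5; r is clamped per the spec, s added at the end."""
    r = int.from_bytes(otk[:16], "little") & 0x0FFFFFFC0FFFFFFC0FFFFFFC0FFFFFFF
    acc = 0
    for i in range(0, len(msg), 16):
        acc = ((acc + int.from_bytes(msg[i:i + 16] + b"\x01", "little")) * r) % ((1 << 130) - 5)
    return ((acc + int.from_bytes(otk[16:], "little")) % (1 << 128)).to_bytes(16, "little")

def _mac_input(aad, ct):  # pad16(aad) | pad16(ct) | len(aad) | len(ct), lengths as 64-bit LE
    pad = lambda b: b + b"\x00" * (-len(b) % 16)
    return pad(aad) + pad(ct) + struct.pack("<QQ", len(aad), len(ct))

def aead_encrypt(key, nonce, plaintext, aad=b""):
    """Seal: ciphertext || 16-byte tag. The 12-byte nonce must never repeat under one key."""
    otk = chacha20_block(key, 0, nonce)[:32]
    ct = chacha20_xor(key, nonce, plaintext)
    return ct + poly1305(otk, _mac_input(aad, ct))

def aead_decrypt(key, nonce, sealed, aad=b""):
    """Open: check the tag (constant-time compare) before decrypting; None means tampered/wrong key."""
    ct, tag = sealed[:-16], sealed[-16:]
    otk = chacha20_block(key, 0, nonce)[:32]
    if len(sealed) < 16 or not hmac.compare_digest(poly1305(otk, _mac_input(aad, ct)), tag):
        return None
    return chacha20_xor(key, nonce, ct)
```

Any flipped ciphertext bit, altered associated data or truncated message makes `aead_decrypt` return None instead of partially garbled plaintext, which is the property that distinguishes an AEAD from a bare stream cipher.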