EncryptedChamber key rotation

Automatically rotate keys at a fixed interval

  • new keys should be sent using DH key exchange wrapped using previous key (prevent eavesdroppers getting access to new key, and ensure that if the old key is cracked the new key cannot be obtained from the exchange without also cracking the DH)
  • new key should be generated by a designated participant; maybe first ID alphabetically?
    • all participants should be able to agree on who is responsible for generating new key
    • distributed key generation, e.g. by n-participant DH, would be better (if possible? - maybe possible to derive DH keys from DH output, which could be used in a tree to eventually generate a new key after all participants share public keys; would also need to consider what happens if one participant loses connection, etc.)
  • new key should be distributed to all trusted participants and may need to be redistributed if one participant fails to receive it
  • keep old key for a short time to continue to decrypt old messages which are still in-flight
  • maybe wait a short time before encrypting messages with the new key to ensure all participants have had a chance to load the new key
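
One way each participant could track the key lifecycle listed above (deterministic choice of the generating participant, delayed activation of the new key, short retention of the old key), as an added example that is not EncryptedChamber's own code. The numeric key IDs carried with each message, the `KeyRing` class and both timing constants are assumptions; the DH-wrapped distribution of the key is not shown.

```python
import secrets
from dataclasses import dataclass, field

ACTIVATION_DELAY = 5.0  # assumed: seconds before a new key is used to encrypt
RETIRE_GRACE = 30.0     # assumed: seconds an old key still decrypts in-flight messages


def designated_generator(participant_ids):
    """All participants compute the same generator: the first ID alphabetically."""
    if not participant_ids:
        raise ValueError("no participants")
    return min(participant_ids)


@dataclass
class KeyRing:
    keys: dict = field(default_factory=dict)  # key_id -> (key, active_from)

    def install(self, key_id, key, now, delay=ACTIVATION_DELAY):
        """Store a received key; it only becomes the encryption key after `delay`."""
        self.keys[key_id] = (key, now + delay)

    def encryption_key_id(self, now):
        """Newest key whose activation time has passed."""
        ready = [kid for kid, (_, start) in self.keys.items() if start <= now]
        if not ready:
            raise LookupError("no active key")
        return max(ready)

    def decryption_key(self, key_id, now):
        """Return the key for an incoming message, or None if unknown or retired.

        A key that is installed but not yet active is accepted, because another
        participant's activation timer may have fired first.
        """
        self._purge(now)
        entry = self.keys.get(key_id)
        return entry[0] if entry else None

    def _purge(self, now):
        # Retire a key once a newer key has been active for RETIRE_GRACE seconds.
        for kid in list(self.keys):
            if any(n > kid and start + RETIRE_GRACE <= now
                   for n, (_, start) in self.keys.items()):
                del self.keys[kid]


def new_key():
    return secrets.token_bytes(32)  # 256-bit symmetric key
```

Retired keys are deleted from the ring rather than only flagged, so a message arriving after the grace period fails to decrypt instead of silently extending the old key's lifetime.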