5 Way HAND : AES AlaML-KEM Falcon DES5 00:33 20/10/2024 https://is.gd/ECH_TLS

5 Way HAND : AES AlaML-KEM Falcon DES5 00:33 20/10/2024 - 2018 Rupert S

4 Key DES is in principle the timed exchange ok keys, Now as you know with ECH Enhanced Client Hello (Cloudflare - NIST - Standards W3 - RS),

As you may know an open secret is exchanged first before a security certificate; The exchange protocol:

Exchange protocol:

Preliminary contact protocol:

PSK Pre Share Key (through DNS, Preferable Auto from Registered DNS & Cloud Provider)
DES5, ECC, : ML-KEM, AES

ECC & DES3/5

Insertion of certificate verified key exchange with verified return stub key (verified against contact key)

3 to 5 minute timed; multiple /dev/RND stub key exchanges to change pattern..

Variable 3 Port timed; 1 to 3 ports transmission from source to end point,
To stop port flooding, single arrival port.

Exchanges between server & client to involve multi round pollinated STUB Certificate exchange & use.

ECC & DES3/5

Represents Stub Certificate exchange:

----+++++-----+++++---
-----++---+++---+++---
++++---+++---+++---+++

Rupert S

******** Reference Material :>

Session EEC/RSA/AES/Encryption Key Connection Protector - Certificate (c)RS + Reward welcome

The 1024/2048/4096 cert spawns the EEC cert pair as elliptic Curves  based on the primary...
the curve cert is responding through TLS and QUIC to the eec key,
Formed temporarily from the local public key & or user certificate!

The computation of verification comes from the ability of the connection,
To provide several versions of the certificates EEC temporary cert (lasts one hour for example)
multiple EEC cert variants all come from a common root cert,

Therefore the server and user can talk enciphering both ways in a complex manner,
That is complex to spy apon.

The same methodology produces verifiable source certificates of sizes 512 to 8192(For example)
That can then do RSA and AES and other cyphers from larger base certificates,
Also same size hashed & cyphered Cryptographic pairs.

Hence the use of a hidden session cooky :

(AES:RSA Encrypted and temporarily anonymously  IP Locked - refreshed on ip change (for ISP changes to ip)

This is very important, also user anonymous certificates! equates a temporary,
Subcert & session ECC Elliptic Curve

Such is the way that a local P11 Connection can make a local temp session EEC Elliptic RSA AES

(Copyright) Rupert S

https://science.n-helix.com/

I suggest the cloud UID for verification HMac or a constant sent to the user per day/Session..
Frankly if the code AES we use is in plain script people could spy it..
I think spies do spy cookies & they do steal logins this way!

HMAC the AES of the UID code or send an AES/HMAC code inside a personal JS,
That echo's the cloud key for decryption; A Worker..

The communication with the server JS Security Encipher would most certainly..
Make hacking the Security EEC Server Certificate communications very hard to accomplish.

Cloud edge JS Encode to a local worker & from the local worker to edge & server.

The process in called Dual Edge Encrypt Factor : DE²F

Interesting code for security https://developers.cloudflare.com/workers/examples/signing-requests

Reference: https://drive.google.com/file/d/1WmhMcCZZjDI4pKnQsccvaf4RdquhPPs8/ https://is.gd/ECH_TLS

https://is.gd/DictionarySortJS
https://is.gd/UpscaleWinDL
https://is.gd/HPC_HIP_CUDA

https://is.gd/UpscalerUSB_ROM

https://is.gd/OpenStreamingCodecs

********* Really 2018, But really DES3 1980's************

'virtio-crypto: implement RSA algorithm'
Hardware Drive & System RAM 'DES 4 Key 64Bit & 128Bit AES & PolyChaCha & the Chinese one'

for protocols a very good idea & not CPU intensive>

Is 64Bit AES Even supported in crypto hardware : https://lkml.org/lkml/2022/3/1/1428

64Bit 4 Key is a potential with DES & may well work far faster than 128Bit (64 Bit processors)
In the case of HDD Drives & VM Drives may be transparent..Offers security:
1 key per drive layer : 4 Platters = 4 Keys
16 Platters = 8 Keys or 4 Keys
(c)RS 2022

https://bit.ly/VESA_BT

---

Support rsa & pkcs1pad(rsa,sha1) with priority 150.

Test with QEMU built-in backend, it works fine.
1, The self-test framework of crypto layer works fine in guest kernel
2, Test with Linux guest(with asym support), the following script
test(note that pkey_XXX is supported only in a newer version of keyutils):
- both public key & private key
- create/close session
- encrypt/decrypt/sign/verify basic driver operation
- also test with kernel crypto layer(pkey add/query)

All the cases work fine.

rm -rf *.der *.pem *.pfx
modprobe pkcs8keyparser # if CONFIGPKCS8PRIVATEKEYPARSER=m
rm -rf /tmp/data
dd if=/dev/random of=/tmp/data count=1 bs=226

openssl req -nodes -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -subj "/C=CN/ST=BJ/L=HD/O=qemu/OU=dev/CN=qemu/emailAddress=qemu@qemu.org"
openssl pkcs8 -in key.pem -topk8 -nocrypt -outform DER -out key.der
openssl x509 -in cert.pem -inform PEM -outform DER -out cert.der

PRIVKEYID=cat key.der | keyctl padd asymmetric test_priv_key @s
echo "priv key id = "$PRIVKEYID
PUBKEYID=cat cert.der | keyctl padd asymmetric test_pub_key @s
echo "pub key id = "$PUBKEYID

keyctl pkeyquery $PRIVKEYID 0
keyctl pkeyquery $PUBKEYID 0

echo "Enc with priv key..."
keyctl pkeyencrypt $PRIVKEYID 0 /tmp/data enc=pkcs1 >/tmp/enc.priv
echo "Dec with pub key..."
keyctl pkeydecrypt $PRIVKEYID 0 /tmp/enc.priv enc=pkcs1 >/tmp/dec
cmp /tmp/data /tmp/dec

echo "Sign with priv key..."
keyctl pkeysign $PRIVKEYID 0 /tmp/data enc=pkcs1 hash=sha1 > /tmp/sig
echo "Verify with pub key..."
keyctl pkeyverify $PRIVKEYID 0 /tmp/data /tmp/sig enc=pkcs1 hash=sha1

echo "Enc with pub key..."
keyctl pkeyencrypt $PUBKEYID 0 /tmp/data enc=pkcs1 >/tmp/enc.pub
echo "Dec with priv key..."
keyctl pkeydecrypt $PRIVKEYID 0 /tmp/enc.pub enc=pkcs1 >/tmp/dec
cmp /tmp/data /tmp/dec

echo "Verify with pub key..."
keyctl pkeyverify $PUBKEY_ID 0 /tmp/data /tmp/sig enc=pkcs1 hash=sha1