0

I am trying to establish an encrypted connection between two clients using a TcpStream on both sides. The following method will be executed on both clients. The decryption_key and encryption_key have already been exchanged using the dryoc::kx key exchange method as described here.

My question is whether the method generate_streams is secure, as I am sharing the header publicly. Can the encryption be compromised if a third party reads the header?

As both clients need the header of the other client to decrypt messages, it seems to me as if there is no other way than to share the header.

The DryocStream uses the xchacha20poly1305 protocol.

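use std::io::{Read, Write};
use std::net::TcpStream;

use dryoc::dryocstream::{DryocStream, Header, Pull, Push};
use dryoc::kx::SessionKey;
use dryoc::types::*; // byte-array traits providing as_slice / as_mut_slice

pub fn generate_streams(stream: &mut TcpStream, decryption_key: SessionKey, encryption_key: SessionKey) -> (DryocStream<Pull>, DryocStream<Push>) {
    // Start the outgoing stream; this produces our own header.
    let (push_stream, mut header): (_, Header) = DryocStream::init_push(&encryption_key);

    // Send our header to the peer in the clear.
    stream.write_all(header.as_slice()).unwrap();

    // Reuse the buffer: overwrite it with the peer's header.
    stream.read_exact(header.as_mut_slice()).unwrap();

    let pull_stream = DryocStream::init_pull(&decryption_key, &header);

    return (pull_stream, push_stream);
}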
Philipp

1 Answer

-1

The header can be exchanged publicly and won't compromise security.

I found the answer here.

Philipp
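Why the header can be public, as an added example (not the poster's code and not dryoc's own source): in the libsodium-compatible secretstream construction the 24-byte header is a random nonce, and its first 16 bytes are mixed with the secret key through HChaCha20 to derive the stream subkey. The function names and the sample key and header values below are constructed for illustration.

```rust
// Added example: HChaCha20 as specified in draft-irtf-cfrg-xchacha, section 2.2.
fn quarter_round(s: &mut [u32; 16], a: usize, b: usize, c: usize, d: usize) {
    s[a] = s[a].wrapping_add(s[b]); s[d] = (s[d] ^ s[a]).rotate_left(16);
    s[c] = s[c].wrapping_add(s[d]); s[b] = (s[b] ^ s[c]).rotate_left(12);
    s[a] = s[a].wrapping_add(s[b]); s[d] = (s[d] ^ s[a]).rotate_left(8);
    s[c] = s[c].wrapping_add(s[d]); s[b] = (s[b] ^ s[c]).rotate_left(7);
}

fn le32(b: &[u8]) -> u32 {
    u32::from_le_bytes([b[0], b[1], b[2], b[3]])
}

/// Mixes the 32-byte secret key with 16 public nonce bytes into a 32-byte subkey.
pub fn hchacha20(key: &[u8; 32], nonce: &[u8; 16]) -> [u8; 32] {
    let mut s = [0u32; 16];
    s[..4].copy_from_slice(&[0x6170_7865, 0x3320_646e, 0x7962_2d32, 0x6b20_6574]);
    for i in 0..8 { s[4 + i] = le32(&key[4 * i..]); }
    for i in 0..4 { s[12 + i] = le32(&nonce[4 * i..]); }
    for _ in 0..10 {
        // Column rounds, then diagonal rounds.
        for c in 0..4 { quarter_round(&mut s, c, 4 + c, 8 + c, 12 + c); }
        for c in 0..4 {
            quarter_round(&mut s, c, 4 + (c + 1) % 4, 8 + (c + 2) % 4, 12 + (c + 3) % 4);
        }
    }
    let mut out = [0u8; 32];
    for (i, w) in s[..4].iter().chain(&s[12..]).enumerate() {
        out[4 * i..4 * i + 4].copy_from_slice(&w.to_le_bytes());
    }
    out
}

/// Subkey a stream is keyed with, given the secret key and the public header.
/// The remaining 8 header bytes become part of the per-message nonce.
pub fn stream_subkey(key: &[u8; 32], header: &[u8; 24]) -> [u8; 32] {
    let mut n = [0u8; 16];
    n.copy_from_slice(&header[..16]);
    hchacha20(key, &n)
}

fn main() {
    let header = [0x24u8; 24];      // constructed sample: what an eavesdropper sees
    let session_key = [0x11u8; 32]; // constructed sample: secret from the key exchange
    let guess = [0x00u8; 32];       // eavesdropper knows the header, not the key
    let same = stream_subkey(&session_key, &header) == stream_subkey(&guess, &header);
    println!("eavesdropper derives the same subkey: {}", same);
}
```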