*** Sagar Acharya [2023-10-15 17:22]:
>I don't need signing, just encryption.
Are you aware that "just encryption" is practically useless, if it does
not authenticate transmitted data somehow? By MAC, by AEAD, by signature,
but with "just encryption" malefactor in many cases can alter your data
without you noticing it at all.
>I said, what I want to do. Within wireless space, I want to trasmit a packet with a fixed header and encrypted data packet.
Fire up any kind of VPN. IPsec, WireGuard, whatever. They can
transparently secure you IP traffic. IPsec (ESPv3) will literally has
its own ESP-header that will carry encrypted+authenticated plaintext IP
packet.
>I saw, ec cryptography is just signing, will not work.
No it is not only for signing. At least it is also for key agreement.
If you do not trust WiFi/Bluetooth/public-Ethernet security/encryption
(that is completely sane and understandable), then just start VPN over
that insecure channel. IPsec (ESP with AEAD ciphers (ChaCha20-Poly1305
or hardware accelerated AES-GCM) + IKEv2 with *25519 key agreement
algorithm) or WireGuard are the fastest in nearly all cases. If you do
not want to set any kind of IP addresses manually (or by SLAAC/DHCP*),
then (at least) WireGuard can work over IPv6 link-local addresses
without any problems (I do it).
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: 12AD 3268 9C66 0D42 6967 FD75 CB82 0563 2107 AD8A
Received on Sun Oct 15 2023 - 14:04:25 CEST