I have a chat system where multiple clients communicate securely using Libsodium authenticated encryption.
Every client has its own 32-byte key pair. If two clients want to communicate, they first share their public keys out of band and then use e.g. crypto_box_easy for encryption.
I want to create a service that allows a client to vouch for another client's public key using signing.
However, public-key signatures using Libsodium require 64-byte signing keys, and for practical reasons I would like not to introduce a second key pair.
So I was wondering whether it is cryptographically sane to use crypto_box_easy to sign stuff by encrypting to a publicly known key pair. The following pseudocode shows how this would work when Alice wants to vouch for Charlie and Bob reads the message.
On Alice's client:
message = "trust: \"pkCharlie\""
message_hash = secureHash(message)
ciphertext = crypto_box_easy(message_hash, nonce, skAlice, pkPublic)
Alice can now store the message, nonce and ciphertext somewhere public, and Bob can later read it and verify its authenticity and integrity:
message = "trust: \"pkCharlie\""
message_hash = secureHash(message)
decrypted_message_hash = crypto_box_open_easy(ciphertext, nonce, pkAlice, skPublic)
if ( message_hash == decrypted_message_hash ) return true;
Is this approach safe or am I missing something critical?
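As an added example that is not part of the question above, the following pure-Python X25519 (the RFC 7748 Montgomery ladder) lets one check the property the proposed scheme depends on: crypto_box derives its symmetric key from X25519(sk, pk), and X25519(skAlice, pkPublic) equals X25519(skPublic, pkAlice), so whoever knows the public key pair and pkAlice reaches the same key. The HSalsa20 and XSalsa20-Poly1305 steps that crypto_box runs afterwards are omitted, and the key names `sk_alice` / `sk_public` are constructed placeholders.

```python
# Added example, not code from the question: pure-Python X25519 (RFC 7748 ladder).
# crypto_box's key is HSalsa20(X25519(sk, pk)); only the X25519 step is shown since
# the HSalsa20 output is fully determined by it. Not constant-time; for study only.
P = 2**255 - 19
A24 = 121665

def _clamp(k: bytes) -> int:
    """Scalar decoding from RFC 7748 section 5 (clear low 3 bits, set bit 254)."""
    a = bytearray(k)
    a[0] &= 248
    a[31] &= 127
    a[31] |= 64
    return int.from_bytes(a, "little")

def x25519(scalar: bytes, u_bytes: bytes) -> bytes:
    """Scalar multiplication on Curve25519 using the RFC 7748 Montgomery ladder."""
    k = _clamp(scalar)
    x_1 = int.from_bytes(u_bytes, "little") & ((1 << 255) - 1)
    x_2, z_2, x_3, z_3, swap = 1, 0, x_1, 1, 0
    for t in range(254, -1, -1):
        k_t = (k >> t) & 1
        if swap ^ k_t:  # conditional swap of (x_2, z_2) and (x_3, z_3)
            x_2, x_3, z_2, z_3 = x_3, x_2, z_3, z_2
        swap = k_t
        a, b = (x_2 + z_2) % P, (x_2 - z_2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x_3 + z_3) % P, (x_3 - z_3) % P
        da, cb = d * a % P, c * b % P
        x_3, z_3 = pow(da + cb, 2, P), x_1 * pow(da - cb, 2, P) % P
        x_2, z_2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x_2, z_2 = x_3, z_3
    return (x_2 * pow(z_2, P - 2, P) % P).to_bytes(32, "little")

def public_key(sk: bytes) -> bytes:
    """crypto_box public key: the secret scalar times the base point u = 9."""
    return x25519(sk, (9).to_bytes(32, "little"))

def box_shared_key(my_sk: bytes, their_pk: bytes) -> bytes:
    """The X25519 step of crypto_box_beforenm (HSalsa20 post-processing omitted)."""
    return x25519(my_sk, their_pk)

def anyone_can_derive_alice_vouch_key(sk_alice: bytes, sk_public: bytes) -> bool:
    """X25519(skAlice, pkPublic) == X25519(skPublic, pkAlice): the key Alice 'signs'
    with is reachable from pkAlice and skPublic, both public in this scheme."""
    pk_alice, pk_public = public_key(sk_alice), public_key(sk_public)
    return box_shared_key(sk_alice, pk_public) == box_shared_key(sk_public, pk_alice)
```

The RFC 7748 section 6.1 key-agreement vectors (which are also the NaCl/libsodium box test keys) can be used to confirm that `public_key` and `box_shared_key` compute the same values the real crypto_box_beforenm feeds into HSalsa20.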