Today’s focus is going to be getting my C++ simple sample running on windows for send and receive. Mostly looking at just sending out the hostname and a few other similar items. May add in some other bits if time permits and might look at AES256GCM and HMAC SHA256 wrappers on a fixed key just as a starter.

I had considered using the GCM capability for validity checking in place of HMAC but after some more thought I realize that there are going to be places where peer key management needs unencrypted but verified information to be exchanged between peers.

That is for later but I want to start out in the right direction using standard, off the shelf approaches.

---

So initial version here has an unencrypted length followed by the IV for symmetric encryption and perhaps a key identifier followed by the length of the encrypted block. This allows messages with mostly or entirely unencrypted payloads to be sent. It also should support varied message layouts and provide some additional checking along the way. Not sure quite how to structure the IV inclusion or the key id yet.

Key id will probably be a SHA256 hash (or part of one) of the key material.

IV may be smaller than the whole IV and use off the shelf PBKDF2 key expansion to generate the actual IV.

There is going to be some tension between including everything at full size and keeping as much space within the usual UDP MTU available for actual message content.