Hi,
(this is probably as much a crypto question as a golang question - apologies if this is considered slightly off-topic)
I'm looking for advice on how best to do authenticated encryption over a TCP connection.
The obvious default answer is to use TLS, but first I'd like to explain the scenario.
I require mutual authentication and no dependency on a certificate authority.
This will only be used to communicate between parties who have previously physically met, so exchanging public keys or similar in person is perfectly practical.
Still assuming TLS is the right answer, I think I need to use self-signed certs, and exchange the certs in person, then configure TLS to use those certs somehow to validate at runtime.
I'm stuck on how to do that part. My problem is that TLS seems pretty hard to use in a less common scenario like mine, and I think it's likely I'd get this wrong without help.
I am tempted to build something simple using golang.org/x/crypto/nacl/box which would appear much simpler, but as I understand it that would lack various desirable features of TLS.
Does anyone (ideally with a decent crypto protocols background) have a suggestion, or can point me to an example?
Thanks.
--
Martin.
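
One way to configure the TLS setup asked about above, as an added example that is not part of the original post: each side presents its own self-signed certificate and accepts only the exact certificate it received in person, with CA chain checking switched off on both roles. The helper names `newIdentity`, `pinnedConfig` and `accepts` are hypothetical, and the identities are throwaway ones constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// newIdentity makes a self-signed certificate (throwaway demo identity, constructed here).
func newIdentity() tls.Certificate {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, priv)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}
}

// pinnedConfig works for tls.Listen and tls.Dial: present own, accept only the exact peerDER.
func pinnedConfig(own tls.Certificate, peerDER []byte) *tls.Config {
	return &tls.Config{
		Certificates:       []tls.Certificate{own},
		MinVersion:         tls.VersionTLS13,
		ClientAuth:         tls.RequireAnyClientCert, // server: demand a cert, no CA check
		InsecureSkipVerify: true,                     // client: no CA check, the pin replaces it
		VerifyConnection: func(cs tls.ConnectionState) error {
			if len(cs.PeerCertificates) > 0 && bytes.Equal(cs.PeerCertificates[0].Raw, peerDER) {
				return nil
			}
			return errors.New("peer certificate is not the pinned one")
		},
	}
}

// accepts dry-runs cfg's pin check against a certificate, without a network connection.
func accepts(cfg *tls.Config, der []byte) bool {
	cert, err := x509.ParseCertificate(der)
	return err == nil && cfg.VerifyConnection(tls.ConnectionState{PeerCertificates: []*x509.Certificate{cert}}) == nil
}

func main() {
	alice, bob, mallory := newIdentity(), newIdentity(), newIdentity()
	cfg := pinnedConfig(alice, bob.Certificate[0]) // Alice's side, pinning Bob
	fmt.Println(accepts(cfg, bob.Certificate[0]), accepts(cfg, mallory.Certificate[0]))
}
```

With this configuration the pin is the entire trust decision: expiry dates, names and chains are not checked, while the handshake itself still proves the peer holds the private key for the pinned certificate. `VerifyConnection` is used rather than `VerifyPeerCertificate` because it also runs on resumed sessions.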