private-group-spec
Advanced tools
Comparing version 1.1.2 to 1.1.3
@@ -13,3 +13,3 @@ # Direct messages | ||
One example of these combined recps is when adding a new member to a group with a `grou/add-member` msg. | ||
One example of these combined recps is when adding a new member to a group with a `group/add-member` msg. | ||
Here you have recps = `[group_id, feed_id, feed_id, ...]` (NOTE `group_id` must be in first slot, and can | ||
@@ -26,5 +26,5 @@ be followed by up to 15 other `feed_id` - the people you're adding). | ||
The two cases | ||
- **A. Foreign case** - mapping some elses `feed_id` to `recp_key` | ||
- **B. Self case** - mapping our own `feed_id` to `recp_key` | ||
The two cases: | ||
- **A. Foreign case** - mapping some elses `feed_id` to `recp_key` | ||
- **B. Self case** - mapping our own `feed_id` to `recp_key` | ||
@@ -31,0 +31,0 @@ ### A. Foreign case - mapping _some elses_ `feed_id` to `recp_key` |
{ | ||
"name": "private-group-spec", | ||
"version": "1.1.2", | ||
"version": "1.1.3", | ||
"description": "a spec for private groups in scuttlebutt, using envelope encryption", | ||
"main": "index.js", | ||
"scripts": { | ||
"test": "node test.js" | ||
}, | ||
"repository": { | ||
@@ -22,7 +25,3 @@ "type": "git", | ||
}, | ||
"homepage": "https://github.com/ssbc/private-groups-spec#readme", | ||
"scripts": { | ||
"test": "node test.js" | ||
}, | ||
"readme": "# Private-Groups Spec | v1.0.0\n\nA specification for implementing private groups in scuttlebutt.\n\nThe fundamentals of this spec are:\n\n1. uses _envelope_ for encryption of content\n2. has group_ids which are safe to share publicly\n3. adding people to the group is done with group's knowledge\n4. supports disclosing of message content\n - **but this leaks info about the group** (peak at other messages / authors)\n\n## envelope encryption in scuttlebutt\n\nIn adition to the envelope-spec, there are some scuttlebutt-specific specifications\n\n[See spec here](./encryption/README.md)\n\n\n## recipient key derivation\n\nbox1 took feedIds from the `content.recps` field and directly used these for encryption.\n\nIn envelope, we instead take \"ids\" from `content.recps`, and map each to a key+scheme pair `{ key, scheme }` where\":\n- `key` is the encryption key which will be used in a `key_slot`, and \n- `scheme` is the \"key management scheme\" which that key is employing\n\nType of id | How `key` is derived | `scheme`\n----------------------|----------------------------------------------------|-----------------------------------------\nprivate group id | [a key-store](./group/group-id/README.md) | \"envelope-large-symmetric-group\"\nfeedId (someone else) | [diff-hellman styles](./direct-messages/README.md) | \"envelope-id-based-dm-converted-ed25519\"\nfeedId (yours) | [locally stored key](./direct-messages/README.md) | \"envelope-symmetric-key-for-self\"\nP.O. Box id | [diffie-hellman styles](./po-box/README.md) | \"envelope-id-based-pobox-curve25519\"\n\nsee `key-schemes.json` for the canonical list of accepted schema labels\n\n### recipient restrictions\n\nWe talk about `key_slots` or recipients / `recps` a little interchangeably.\nLet's assume `content.recps` are mapped to `key_slots` preserving their order.\n\n:warning: The following restrictions must be followed :\n\n1. there are max 16 slots on a message\n2. if there is a group key\n - a) there is only 1 group key\n - b) the group key is in the first key_slot\n3. we disallow you from making a shared DM key with yourself\n\nMore detail:\n- (1) means all implementations know to look 16 slots deep when trying to unbox the msg_key\n- (2.a) provides a guarentee that infomation is not leaked across groups, in particular tangle info would leak info about group memember as these ids are not cloaked in this version\n- (2.a + 2.b) means we that we only need to try group keys in the first slot. If that fails, we can try DM keys on slots 1-16. (nice and fast!)\n- (3) is a tight restriction which we think will help people write better apps\n - it's a step towards forward security\n - if you want to send to self, it encourages people to mint a group, which is a better practice when moving to support multi-device identities\n - _we may relax this restriction when we have more experience_\n\n## group management\n\nA minimal amount of agreement to make coordination easier:\n- [creating a new group](./group/init/README.md)\n- [adding someone to your group](./group/add-member/README.md)\n\n\n---\n\n## TODO\n\ndescribe\n- how all these things might be woven together\n- where state is tracked off-chain (in a key-store)\n\n\n## scuttlebutt private-groups spec (v2)\n\nCould modify this spec:\n1. - same\n2. - same\n3. - same\n4. supports privacy fiendly disclosing of message content\n - all internal cypherlinks are \"cloaked\"\n\n" | ||
} | ||
"homepage": "https://github.com/ssbc/private-groups-spec#readme" | ||
} |
@@ -23,3 +23,3 @@ # P.O. Box messaging | ||
When I see a `pobox_id` listed in `content.recps`, I derive a key for the envleope key_slot like so: | ||
When I see a `pobox_id` listed in `content.recps`, I derive a key for the envelope key_slot like so: | ||
@@ -45,3 +45,3 @@ ```js | ||
If you are _encrypting_ a message to a P.O. Box, `x` is your feed, and `y` is the P.O. Box | ||
If you are _encrypting_ a message to a P.O. Box, `x` is your feed, and `y` is the P.O. Box. | ||
If you are _decrypting_ a message that was sent to a P.O. Box `x` is the P.O. Box, and `y` is the message author. | ||
@@ -56,3 +56,3 @@ | ||
- `sort` means sort these 2 buffers bytewise so that the smallest is first | ||
- `slp.encode` is "shallow length-prefixed encode" (see [SLP][SLP]) | ||
- `slp.encode` is "shallow length-prefixed encode" (see [SLP]) | ||
- `bfe.encode` is bfe encoding of the encryption key, here with `type: 3, format 1` (see [BFE]) | ||
@@ -145,2 +145,3 @@ | ||
``` | ||
If the encrypted message is one I sent, I can decrypt it by: | ||
@@ -155,4 +156,6 @@ - trying my `own_key` on all slots of the envelope | ||
- if success, then this was a message to/ from a P.O. Box I have keys to | ||
``` | ||
[BFE]: https://github.com/ssb-ngi-pointer/ssb-bfe-spec | ||
[ssb-uri]: https://github.com/ssb-ngi-pointer/ssb-uri-spec | ||
[SLP]: https://github.com/ssbc/envelope-spec/blob/master/encoding/slp.md |
23
test.js
const fs = require('fs') | ||
const path = require('path') | ||
const TF = { | ||
encryptionKeys: { | ||
dm: Buffer.from([3, 0]), // box2-dm-dh | ||
poBox: Buffer.from([3, 1]) // box2-poBox-dh | ||
} | ||
} | ||
print(underline('Test vectors')) | ||
@@ -15,2 +22,14 @@ newline() | ||
isTrue(isObject(vector.input), 'input') | ||
for (const key in vector.input) { | ||
if ( | ||
key === 'my_dh_secret' || | ||
key === 'my_dh_public' || | ||
key === 'your_dh_public' | ||
) isTrue(isTypeFormat(vector.input[key], TF.encryptionKeys.dm), key + ' is dm key') | ||
else if ( | ||
key === 'po_box_dh_public' | ||
) isTrue(isTypeFormat(vector.input[key], TF.encryptionKeys.poBox), key + ' is poBox key') | ||
} | ||
isTrue(isObject(vector.output), 'output') | ||
@@ -35,2 +54,6 @@ } catch (err) { | ||
} | ||
function isTypeFormat (str, typeFormatBuffer) { | ||
return Buffer.from(str, 'base64').slice(0, 2) | ||
.equals(typeFormatBuffer) | ||
} | ||
function isTrue (bool, msg = '') { | ||
@@ -37,0 +60,0 @@ bool |
@@ -8,9 +8,9 @@ { | ||
"my_feed_id": "AADXDOY5Isl/kWTPOYAryv6lTcDlCQnHb8a35mDCCSILSQ==", | ||
"po_box_dh_public": "AwAIFlU+iztEMB7eLSP6fZtpqdt5DFemgSmvqaGbx8I4ZQ==", | ||
"po_box_dh_public": "AwEIFlU+iztEMB7eLSP6fZtpqdt5DFemgSmvqaGbx8I4ZQ==", | ||
"po_box_id": "BwAIFlU+iztEMB7eLSP6fZtpqdt5DFemgSmvqaGbx8I4ZQ==" | ||
}, | ||
"output": { | ||
"shared_key": "1Tecw3JE+H1ng+HQAwQX2apkNHsfiTlHYdLQJMWXGfY=", | ||
"shared_key": "V5fA4gnTm5qaa8FKPJk4SFQbmqVmh9MUKW9B4ZSLrZk=", | ||
"key_scheme": "ZW52ZWxvcGUtaWQtYmFzZWQtcG9ib3gtY3VydmUyNTUxOQ==" | ||
} | ||
} |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
375
0
43876