search

ArweaveTeam / arweave-js

Browser and Nodejs client for general interaction with the arweave protocol and gateways
MIT License
593 stars 129 forks source link

Easy signing of data and files #16

Closed oritwoen closed 5 years ago

oritwoen commented 5 years ago

As a programmer and a normal person who uses the capabilities of Arweave, I would like to be able to easily sign data, including graphic or video files.

Currently, there is no function that is responsible for just signing the data (at least from what I have noticed) but only signing the transaction.

I suggest creating a special class where it will be possible to sign data in text format as well as files.

Draft example

Create

let write = await arweave.signatures.create({
    key: 'TheSignerPrivateKey',
    address: 'the address of the person who will be able to read the data',
    data: ['./image.png', './video.mp4', 'document.pdf', 'buffer or data string']
});

Read

let read = await arweave.signatures.read({
    key: 'TheReceiverPrivateKey',
    data: 'Hash of previously signed data',
    path: 'Data storage path (if files)'
});

The way it works

  1. The data signing function checks what type of data is entered and formats it appropriately for writing, and contains appropriate meta tags.
  2. Properly formatted data is stored and sign in the sender's private key - see only for the receiving person. The appropriate hash is created.
  3. The receiver using the read function and his private key decodes the data that has been saved for him. The function also automatically checks what data it is and if it's files (pdf, mp4, png etc) it stores them in the right form in the given path.

Benefits

Implementation

I'm starting to work on it and PR will appear soon. If someone wants to help me, I will always be grateful for TIP to the addresses below :D I invite you to discussions and suggestions.

ETH: 0xCf44E2Ae6f68a0412D52ABdb6B41A4A59e2E3306 AR: KTcbsn6vg1Ud5ZDSKgbYisc7SVBsalkJprsQtGNjVN8

samcamwilliams commented 5 years ago

Sounds interesting!

What do you think @arweave-kyle ?

arweave-kyle commented 5 years ago

Hey @ririen, are we talking about signature generation and verification, or public key encryption and decryption?

Currently the library allows fo signing of arbitrary data

import Arweave from "arweave/web";

const instance = Arweave.init({ protocol: "https", host: "arweave.net",port:443});

await arweave.crypto.sign(jwk, data);

await crypto.verify(publicKey, data, signature);

The typescript definitions for these methods are


  sign(jwk: JWKInterface, data: Uint8Array): Promise<Uint8Array>;

  verify(
    publicModulus: string,
    data: Uint8Array,
    signature: Uint8Array
  ): Promise<boolean>;

https://github.com/ArweaveTeam/arweave-js/blob/master/src/common/lib/crypto/crypto-interface.ts

Would you want a different interface for this, or is there a use case it doesn't work well for?

oritwoen commented 5 years ago

@arweave-kyle Yes, there is a function of signing the data you mentioned. However, for users creating new internet and peramwebs are a little limited. If someone is involved in programming and knows how to do it, he will develop it properly in his own app. However, novice users may have a problem with converting relevant data so that they can be signed appropriately.

What I am aiming at is creating a class that changes the file data from the path automatically and signs it. And then it automatically checks them, determines the format and writes to the path. Currently, the user himself must write functions that change the image / video or other materials to the appropriate formats and then use the signing.

After entering my PR, just give someone the path to the image / video or other material and the library will generate the appropriate signature. I will also decode this signature as a corresponding file on the server / computer itself.

Currently:

  1. If the user wants to send a file to another user - he has to write the appropriate functions that format the file to the level where he can sign it and receive the signature.
  2. The receiver receives a signature but to get to the file must write appropriate functions that will save the decoded signature as a file.

After my PR:

  1. The user gives the path to the file, receives the signature.
  2. The user gives the signature and gives the path to write. He receives the file on his server / computer in the given path.
arweave-kyle commented 5 years ago

Hey @ririen, as the current library already allows for signing of arbitrary data and it sounds like the priory use case for this would be for off-chain purposes, I think it might make sense to create a new library for such a use case.

You could use the library arweave-js library as a dependency in a new library and then you'd only have to implement what's necessary for the use case.

The arweave-js library currently runs in node and browsers, so I think it might get a bit fussy to get a consistent api for browsers and node if its interacting with the file system with lots of assumptions.

Let me know what you're thinking about how to continue.

Thanks!

arweave-kyle commented 5 years ago

Hey @ririen -- just doing some housekeeping so I'll close this issue for now as it's inactive. Feel free to reopen if you have any more feedback or questions, thanks!

paulfears commented 2 years ago

How do I get the public key from jwt?