Open neruthes opened 4 years ago
I have considered that feature, I think it is good but maybe hard to accomplish in the current Maskbook architecture.
When Maskbook encrypting to people, it needs to do multiple times of encryption (for every recipient, at least 1 encryption), IDK if the user needs to press yubikey N times to complete the process. If so, the UX is not too good IMO.
They will need to press the key each time they need to authorize encryptions. We still need to work on our own hardware device to match our needs.
I see. YubiKey will need to be used O(N) times when decrypting all Recipient-Specific PostKey Envelope payloads. Unless we can implement a feature which allows Maskbook to recognize some feature of the desired Recipient-Specific PostKey Envelope payload before passing it to YubiKey.
I imagine it this way:
KDF(Alice.pub, Bob.pub, PostIV, ECDH(Alice.pri, Bob.pub))
.ECDH(Alice.pub, Bob.pri)
which is identical to ECDH(Alice.pri, Bob.pub)
. The Maskbook installation on the machine of Bob can use the metadata of the Post to determine the RecipientFeature for Bob, hence reducing the total attempts of decryption to 1 for YubiKey.Bob.pub
out of the RecipientFeature.This is based on the following assumptions:
Host the keypair of a Persona in external devices (e.g. Yubikey). Maskbook queries the external device to perform signature and decryption operations.