Basic Keystore Transference

[neruthes]

This article specifically focuses on the scenarios for mobile devices.

Data

The data object being subject to transferring is the keystore, which includes basically all persisting data, e.g. private keys, public keys, friends list, and certificates list.

Transference Media

AirDrop

With AirDrop, the keystore backup file can be transferred to an iOS device and be received by the Maskbook app on it. In this case, the keystore will be automatically imported.

In handling these conflicts, Maskbook shall retrieve latest information of the user or the post in order to determine which is correct; and this process should be asynchronous hence it will not suspend any on-surface operations.

QR

By transferring with QR code, the QR actually consist of an ephemeral private key, to which the whole keystore is ECDHE encrypted. As the receiving device acquires the ephemeral private key, it will be able to retrieve the ECDHE encrypted keystore file from a remote node in GUN. If we happen to move away from GUN in future, the same relay system should be employed.

This procedure includes several steps to be taken by the user:

• Rome: Enter Dashboard
• Rome: Select "Export Keystore"
• Rome: Select "Through QR Code"
• Paris:
  • Initialization: Select "Import Keystore"
  • General: Enter Dashboard and Select "Import Keystore"
• Paris: Scan the QR code on the screen of Rome
• Paris:
  • Successfully found the encrypted keystore: Show "Downloading..."
  • Successfully decrypted the keystore: Show "Imported 🎉"
  • Decryption failed: Show "Cannot decrypt keystore; please try again"
  • Download failed: Show "Cannot retrieve keystore; please try again"

Rome and Paris are names of the two devices.

Edge Cases

It is possible that the incoming keystore has conflicts with the current keystore. Conflicts may include:

• Conflicting private keys for the same persona
• Conflicting public keys for a friend
• Conflicting AES keys for a post
• ...

[neruthes]

This will need reviews by @yisiliu and @Jack-Works

[yisiliu]

• an ephemeral private key - shouldn't it be public?
• regarding the keystore conflicts. Why would there be conflicting AES keys for a post?

The rest looks fine. Can @Jack-Works estimate how large the database to be transferred will be. A rough number should be fine.

[neruthes]

• an ephemeral private key - shouldn't it be public?
• regarding the keystore conflicts. Why would there be conflicting AES keys for a post?

The rest looks fine. Can @Jack-Works estimate how large the database to be transferred will be. A rough number should be fine.

The session-only private key is being optically presented via QR. This is hardly safe, but might be an acceptable tradeoff with UX operation simplification, since the major threat is always Facebook instead of surrounding attackers in the Corpospace.

Post-specific AES keys may not conflict. I might overstated the necessity of handling this.