search

readium / kotlin-toolkit

A toolkit for ebooks, audiobooks and comics written in Kotlin
https://readium.org/kotlin-toolkit
BSD 3-Clause "New" or "Revised" License
180 stars 77 forks source link

Decryption of license user data (email, name) with user key (not content key) #205

Open danielweck opened 4 years ago

danielweck commented 4 years ago

The current LCP lib API (findValidPassphrase(), createContext(), decrypt()) is very minimal, and as far as I know does not support decrypting buffers that are encrypted with the user key (only those encrypted with the content key). In this Kotlin implementation, is there support for encrypted user email / name license fields?

danielweck commented 4 years ago

Related issue: https://github.com/readium/swift-toolkit/issues/147

llemeurfr commented 4 years ago

The question is: is it required to read encrypted user information in client apps? The main goal of embedding such information is IMO social DRM. So yes it would be good to be able to show it to the user in his client app, but is it required? The provider of the LCP license is the main interested party for this information after all.

danielweck commented 4 years ago

Thanks Laurent. There is indeed a UX problem too.

But here I wanted to ask purely about the technical aspects, because this seems to be a major difference with the Readium "1" LCP lib (readium-lcp-client):

https://github.com/readium/readium-lcp-client/blob/06e26e712aa584daf200b5d2c2f3699433c9cde9/src/lcp-client-lib/UserLcpNode.cpp#L80-L95

https://github.com/readium/readium-lcp-client/blob/06e26e712aa584daf200b5d2c2f3699433c9cde9/src/lcp-client-lib/CryptoppCryptoProvider.cpp#L409-L440

In Readium "2", we only have the equivalent of:

https://github.com/readium/readium-lcp-client/blob/06e26e712aa584daf200b5d2c2f3699433c9cde9/src/lcp-client-lib/CryptoppCryptoProvider.cpp#L442-L475

danielweck commented 4 years ago

So, r2-lcp-swift does not implement support for this. This is not implemented in r2-lcp-js either, as it is currently technically impossible (this would require C++ code modifications / additions in the public API of the LCP native lib)

danielweck commented 7 months ago

This is now available in the C++ LCP lib and its accompanying platform-specific wrappers (iOS/Swift/ObjectiveC and Android/Kotlin/JNI and Electron/NodeJS) as a new API function aptly-named getSupportedLCPProfileURIs that returns a vector/array/list of strings (i.e. LCP profile URIs). The new LCP lib with its increase API surface area hasn't started shipping yet, but integrators will be in the loop. In fact there will also be a new decryptField function very similar to decrypt but for LCP license email/name/etc. fields which are encrypted with the user key, unlike resources (e.g. HTML/CSS/image files) which are encrypted with the content key.

qnga commented 7 months ago

Thanks! I reopen the issue because we need to implement wrappers around these new features.