The goal is to have a client bootstrap process that makes it possible to just have credentials and the secureShare client binary to start up and use your secureShare account.
Bootstrapping could look like this:

1. fire up the binary
2. enter your credentials
3. binary generates minilock keys from credentials
4. binary requests config and addressbook from the server
   Here we need some authentication mechanism client to server.
   I do see two approaches currently, which are:
   - use minilock encryption
     - client asks to initiate session
     - upon request server generates a sessionID, encrypts it with the client pubKey and sends it to the client.
     - client uses sessionID for subsequent requests.
   - use SRP protocol
     - server and client could agree on a sessionID using SRP (SecureRemotePassword) protocol
5. binary decrypts config and addressbook
6. binary saves config and addressbook to a local cache
7. binary uses data from cache in subsequent calls

This also means that the client binary:

- needs to have a cache
- should have a function to update the cache from the server
- should have a function to update files on server from cache

In order to fix Issue https://github.com/scusi/secureShare/issues/3 the client needs to have a bootstrap mechanism that is just based on username and passphrase.
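
As an added illustration of the first approach above (not code from the secureShare repository): the server seals a session ID to the client's public key, and only a client that can rebuild the matching private key from its credentials can read it. The sketch assumes Go's standard-library X25519 with AES-256-GCM in place of miniLock's NaCl box, passes keys in-process rather than over the wire, and uses hypothetical function names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// boxKey: X25519 + SHA-256 -> AES-256-GCM; an assumed stand-in for miniLock's NaCl box.
func boxKey(priv *ecdh.PrivateKey, peer, eph *ecdh.PublicKey) (cipher.AEAD, error) {
	shared, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(append(shared, eph.Bytes()...))
	block, _ := aes.NewCipher(key[:]) // a 32-byte key is always accepted
	return cipher.NewGCM(block)
}

// SealSession (server): seal sessionID to clientPub; each key is one-time, so a zero nonce never repeats.
func SealSession(clientPub *ecdh.PublicKey, sessionID []byte) (*ecdh.PublicKey, []byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	gcm, err := boxKey(eph, clientPub, eph.PublicKey())
	if err != nil {
		return nil, nil, err
	}
	return eph.PublicKey(), gcm.Seal(nil, make([]byte, gcm.NonceSize()), sessionID, nil), nil
}

// OpenSession (client): recover sessionID with the credential-derived private key.
func OpenSession(priv *ecdh.PrivateKey, eph *ecdh.PublicKey, box []byte) ([]byte, error) {
	gcm, err := boxKey(priv, eph, eph)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, make([]byte, gcm.NonceSize()), box, nil)
}

func main() { // constructed demo: a random key stands in for the credential-derived one
	priv, _ := ecdh.X25519().GenerateKey(rand.Reader)
	eph, box, _ := SealSession(priv.PublicKey(), []byte("constructed-session-id"))
	id, err := OpenSession(priv, eph, box)
	fmt.Println(string(id), err)
}
```

A client holding a different key, or a box altered in transit, fails the GCM tag check in `OpenSession` and never learns the session ID.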