lakeman
commented
11 years ago If an added manifest contains a sender and recipient sid, and there is no crypt field, a crypt field is added and implicitly set to "1". Otherwise if crypt is not present, or crypt is "0", no encryption will currently take place.
If crypt is set to "1", a key and nonce will be derived from either the sender recipient pair, or the private key of the bundle. See our security document for more details https://github.com/servalproject/serval-docs/blob/master/serval-security-framework/ServalSecurityFramework.odt.
Extracting a file now requires the manifest id instead of the file hash so that the correct encryption key can be derived. If the bundle secret is required to derive the key, a keyring pin or bundle secret argument may need to be provided.
If you wish to extract the raw contents of an encrypted file you can use the new "rhizome dump file" command which takes a file hash argument as the extract file command used to do.
The Serval Mesh application has been changed to always provide a crypt value in the manifest for MeshMS message logs, this is set to "0" for messages sent to a broadcast sid and "1" for all others.
Build support for encrypted payloads into Rhizome, using the recipient's public key. The creator of a bundle must pass the clear payload content to the rhizome add command and must specify the recipient SID and a flag enabling/disabling encryption in the manifest using the recipient and crypt fields. Servald will encrypt the payload and store it encrypted. The payload hash will be computed from the encrypted form, so it can be verified by intermediate nodes. The servald rhizome extract file command will produce the clear payload by decrypting the payload, or will return an error if the recipient's identity is not available in the keyring.
This will then be used for all MeshMS bundles, to achieve truly private messaging.
@gardners wrote in an email 23 May 2012: