Closed cryptix closed 3 years ago
How about this?
const ssbKeys = require('ssb-keys')
const ssbUri = require('ssb-uri2')
// make two keypairs for the two feeds
const keyMeta = ssbKeys.generate()
const keyMain = ssbKeys.generate()
// convert the metafeed keypair into an URI
const metaUri = ssbUri.compose({
type: 'feed', format: 'bendybutt-v1',
data: keyMeta.public.replace('.ed25519','')
})
// craft the announce message
const announce = {
type: 'metafeed/announce',
metafeed: metaUri,
tangles: {
metafeed: {
root: null,
previous: null
}
}
}
// sign the announce message
const signedAnnounce = ssbKeys.signObj(keyMeta, announce)
console.log("signed content")
console.log(signedAnnounce)
// to verify we need to plug the data from the metafeed uri
let metafeedParts = ssbUri.decompose(signedAnnounce.metafeed)
let pubKey = metafeedParts.data + '.ed25519'
const ok = ssbKeys.verifyObj(pubKey, signedAnnounce)
console.log(`verified? ${ok}`)
// now we would db.publich(signedAnnounce)
// which would properly create a ssb message and sign it with keyMain
const signedMessage = ssbKeys.signObj(keyMain, {
author: keyMain.id,
sequence: 42,
content: signedAnnounce
})
console.log("signed message")
console.log(signedMessage)
signed content
{
type: 'metafeed/announce',
metafeed: 'ssb:feed/bendybutt-v1/xShZwxnJ3NHOSxyfLOkRXPOJ6yvjmGICHmLI5wsdve8=',
tangles: { metafeed: { root: null, previous: null } },
signature: '4L/pkSxP6e4km2MwjgC1dGXMTNIiyDN3Y+bRTlHLIQralWgDttb1jtl02jlVTCbK3d6gHDWw3CQNicpmr7ATAA==.sig.ed25519'
}
verified? true
signed message
{
author: '@e57mRlF81l8MgakYShgdykeeibrzejbOjhdiT182R9o=.ed25519',
sequence: 42,
content: {
type: 'metafeed/announce',
metafeed: 'ssb:feed/bendybutt-v1/xShZwxnJ3NHOSxyfLOkRXPOJ6yvjmGICHmLI5wsdve8=',
tangles: { metafeed: [Object] },
signature: '4L/pkSxP6e4km2MwjgC1dGXMTNIiyDN3Y+bRTlHLIQralWgDttb1jtl02jlVTCbK3d6gHDWw3CQNicpmr7ATAA==.sig.ed25519'
},
signature: '+ixGcWkdUT8w5aduPS70b0qjPelssJK1NOtYsT1OcbppBaRzbiSHiWmHYS6h9L9EF+BJRUw2RYp02bhgmWMOCw==.sig.ed25519'
}
This is basically what https://github.com/ssbc/ssb-peer-invites did to proof control over the guest keypair.
cc @staltz @arj03
Sure that works, in my opinion. @arj03 I can make a PR to ssb-meta-feeds if you concur.
Looks good, much easier to understand from the example code :)
Oh and I can also patch the spec too.
Sorry but I just realized this is insufficient.
We need to add the main/subfeed and check that that equals the (outer) author of the message to protect against replays on other feeds.
Suggestions for the field name? content.subfeed
? content.main
?
Ah yes, nice spotting
My vote is for main, but not super tied to that decision
It's nice if it were always the same everywhere, i.e. content.metafeed
and content.subfeed
on bendy butt messages and also content.metafeed
and content.subfeed
on main feed messages. Principle of least WTFs.
My vote is for main
I must say that main
is really not a good term when looking forward to a world with multiple apps and content feeds. :-X
I vote for subfeed
for consistency, too.
subfeed it is then :)
Implemented in JS https://github.com/ssb-ngi-pointer/ssb-meta-feeds/pull/46
currently
type:metafeed/announce
is not signed by the metafeed