search

voleum-org / doc-viewer

0 stars 0 forks source link

Encrypted documents #6

Open EatThePooh opened 1 year ago

EatThePooh commented 1 year ago

Some documents are private. As IPFS-hosted files are accessible to anyone, that necessitates encryption. The proposal is to reuse Stellar signing keys like this:

  1. Upon creation, generate a symmetric encryption passphrase
  2. Encrypt the document with it
  3. Encrypt the passphrase with curve25519 keys obtained from given Stellar keys
  4. Save given Stellar keys in metadata together with the respectively encrypted passphrase
  5. In viewer, ask the user to input a Stellar secret key
  6. Decrypt the passphrase with a curve25519 derivation of it
  7. Decrypt the actual document and render it

https://stellar.stackexchange.com/questions/1694/how-can-i-do-asymmetric-encryption-and-decryption

EatThePooh commented 1 year ago

Given the need for authentication #4 and therefore client-server interaction, it becomes too bold to ask users for private keys. Could it be reasonable to factor out a document renderer that does absolutely nothing apart from fetching the doc, decrypting and rendering?