But it feels like there should be some official guide or maintained library for such a fundamentally important aspect of app development. Is there anything out there?
I don’t think this is actually possible without some out-of-band coordination.
VetKeys will help a bit, but you’re still going to have some hoop jumping.
Encryption can’t actually happen ON the IC because it exposes the data to nodes…but VetKeys will let you derive keys that can be shared to others so that they can decrypt data that was encrypted off the IC(like in your browser).
So sharing a todo would require alice to say:
I want to share with bob-princpal, derive me an alice-bob key that nodes can’t see. IC does so and sends it encrypted to Alice.
Alice encrypts todo with the alice-bob pub key part of the encrypted key and put it on the IC. Smart contract associates the todo with bob’s account.
Bob signs in and sees there is a to-do associated with his account.
Bob asks the contract if he can have the Alice-bob key. It checks the contract and returns bob an encrypted key that nodes can’t see.
Bob can decrypt the Alice-bob encrypted todo in his browser.
This all works because nodes generate these encrypted keys with t-ecdsa like functionality where non of them knows the whole private key. 1/3 of them could collude to regenerate it.
Note: This works for the alice only, log into any device pathway as well because it is based on the principle.
Yes looking at it seems like the best approach is client side- to create an asymmetric key pair in the browser (e.g. using Web Cryptography API) and store the private key locally and put the public key into a data structure in the canister that maps from identities → devices → public keys.
Which works but you would have to re-encrypt each ToDo for every device which I guess is why IC vault uses symmetric keys as well i.e:
Data is encrypted using symmetric shared secret
A shared secret is encrypted with the public key of each device and is stored in keyshare data structure.
It would be lovely if internet identities had associated public keys and could decrypt within the secure device. But looking at the webauth standard it only supports symmetric shared secrets.
Hey @CoolPineapple. You seem to have found the main existing resources that would help with such a project. Encrypted-notes will get you most of the way and VETKeys would make the key management easier but indeed there’s no standard library for such things.
Generally it would also be useful to become familiar with the Security Best Practices.
I can try over the next while to put some documentation together to describe basic architectures for some end-to-end use cases.
Feel free to drop other use cases that you’re interested in.
Hey @ais, I have a couple of questions to you &/ the cryptography team.
Is IC-Vault a previous iteration of Encrypted-notes?
Practically, the disclaimer on Encrypted-notes rules it out as a viable architecture unless mobile OS can be leveraged. For those who may be wondering, certain types of crypto apps, namely those that grant cryptos, aren’t allowed on Apple & Google stores, therefore browser-only clients of IC cannot leverage Encrypted-notes as is.
VetKD is going to be phenomenal, and I’m eager to use the flow mentioned above by @skilesare. Yet such great undertakings come with delays, it’s natural.
Meanwhile, can non-cryptographers like myself conclude that there’s not even a a hacky / poor-man’s Key-Encryption-Key that could be derived off of Internet Identity?
@franzstefan thanks for the pointer. Upon reading the “IC Vault Design.pdf” file, where it’s stated “To steal the shared secret an attacker has to gain access to the persistent local storage (to steal sk) and login via II (to obtain the encrypted shared secret). Alternatively, an attacker has to gain access to the persistent local storage (to steal sk) and collude with a node provider that hosts canister S.” I no longer have concerns on using this product in a browser-only environment. Kudos to the team who’s built and is maintaining it
