0.0.16 • Published 4 years ago

js-polykey v0.0.16

Weekly downloads
1
License
Apache-2.0
Repository
github
Last release
4 years ago

Polykey (library)

Overview

js-polykey is the library used in the distributed secret sharing PolyKey app. You can find the actual application here. A polykey node is comprised of one or many Vaults to store Secrets. These vaults are encrypted with keys derived from the master private key. Secrets always remain encrypted on disk and are only decrypted in memory. All you need to connect with and share secrets with another keynode on the same local area network is it's public key, poykey takes care of discovery. Once connected, you can securely share vaults with each other and polykey will ensure those vaults are synced.

PolyKey requires a public/private keypair for all crypto operations, this can be provided to a pre-initialized KeyManager instance before polykey is initialized or it can be generated (this is the default).

Dependencies

The major dependencies of js-polykey are:

KeyManager

This class is responsible for managing the public and private keys as well as any crypto operations using those keys. The symmetric vault keys are also managed by this instance.

The KeyManager is able to be loaded separately to the PolyKey main class and then passed into PolyKey. This is useful for loading the keypair prior to initializing PolyKey.

Key Generation

The key manager class can generate new symmetric keys using key derivation and the loaded private key

Testing:

PolyKey uses jest to test:

The tests also rely on certificates being available in the tmp folder and environment variables set to a valid certificate authority run on the network somewhere. Please see .env.example for an example of these environment variables. Certificates can be generated with ./scripts/generate_ssl_certs.sh as long as a step-ca is running on the specified url in .env.

Note: sometimes grpc-js can complain about the ssl certificates in tmp/ with a non-descriptive error of "No connection established". Best way to solve this is to remove the certs, start the CA server and re-issue the certs with ./scripts/generate_ssl_certs.sh.

Command Line Interface (CLI)

Here is a demo of the CLI on asciinema.

The PolyKey CLI exposes various git-style sub commands that can be used to manipulate the PolyKey node:

Usage looks like the following:

PolyKey also exposes a helpful alias, pk, to make typing out commands a little quicker:

If you ever get stuck, every sub command has a help flag:

Config

With this command you can manipulate the configuration of PolyKey including changing the password, importing new private and public keys and changing the path to polykey.

Example usage:

You can also easily clear the config to start fresh:

If one of the required configuration parameters is missing from the config store, PolyKey will prompt you for it on the next command.

KeyManager

This command is used to interact with PolyKey's KeyManager. With this command you can generate new keys, import keys and more. TODO: add commands to interact with the keymanager

Node

The node sub command lets you control the daemon responsible for network operations.

TODO: add commands to interact with the node

Vaults

The vaults sub command lets you manipulate vaults, e.g. to list the existing vaults, add a new vault or destroy an old vault.

Command examples:

Secrets

The secrets sub command lets you manipulate secrets in a specific vault including to add new secrets, remove old secrets and modify existing secrets.

Command examples:

Crypto

The crypto sub command allows you to perform asymmetric cryptography operations (sign/encrypt/verify/decrypt) on files using the loaded public/prvate keypair. PolyKey signs and verifies files using a detached signature TODO: add encryption and decryption

Commands:
  sign [options]    verification operations
  verify [options]  signing operations

Command examples:

pk crypto sign ./file --signing-key='./my_priv_key' --key-passphrase='password'

# If no signing key is provided, polykey will use the loaded private key
pk crypto sign ./file


pk crypto verify ./signed_file --verifying-key='./my_pub_key' --detach-sig='./signed_file.sig'

# If no  verifying key is provided, polykey will use the loaded public key
pk crypto verify ./signed_file --detach-sig='./signed_file.sig'

Verbosity

TODO: explain verbosity levels when it is implemented

Build

Proto Files

All .proto files are stored in the the proto directory. JavaScript and type definition files are build using the following command:

npm run build:proto
secrets
@grpc/grpc-js@types/commander@types/configstore@types/inquirerasync-mutexchalkcli-progresscommanderconfigstorecore-jsencryptedfsexpressfutoin-hkdfgoogle-auth-librarygoogle-protobufisomorphic-gitkbpgpkeybase-botnode-forgeprotobufjsreadable-streamsocket.iothreadstwiliovirtualfszxcvbn
@everything-registry/sub-chunk-1977@zalastax/nolb-js-p
0.0.15

4 years ago

0.0.16

4 years ago

0.0.12

4 years ago

0.0.13

4 years ago

0.0.11

4 years ago

0.0.10

4 years ago

0.0.7

4 years ago

0.0.6

4 years ago

0.0.5

4 years ago