
feat: ESSR tunneling with KERIA API #304

Open: wants to merge 3 commits into base: main

iFergal (Contributor) commented Jan 17, 2025

This will require a new dev release after WebOfTrust/keria#351 is merged, but locally all the integration tests pass.

HTTP requests between Signify and KERIA are now wrapped/tunneled in ESSR (encrypted HTTP request inside the body of a signed wrapper HTTP request) for confidentiality and general improvements.

createSignedRequest can still be used to use the old method of signed headers in case any projects or extensions are using that for web interactions.


codecov bot commented Jan 17, 2025

Codecov Report

Attention: Patch coverage is 99.21260% with 1 line in your changes missing coverage. Please review.

Project coverage is 84.01%. Comparing base (cddb007) to head (a214c0c).
Report is 1 commits behind head on main.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| src/keri/app/clienting.ts | 96.00% | 1 Missing ⚠️ |
Additional details and impacted files
@@            Coverage Diff             @@
##             main     #304      +/-   ##
==========================================
+ Coverage   83.64%   84.01%   +0.36%     
==========================================
  Files          48       48              
  Lines        4238     4328      +90     
  Branches     1042     1064      +22     
==========================================
+ Hits         3545     3636      +91     
+ Misses        663      662       -1     
  Partials       30       30              


@edeykholt

@iFergal Great to see this security hardening!

Since Authenticater / Authenticator is exported and its spelling changed, this might suggest a version change?

Note that WebCrypto in Chrome browser will soon support X25519, so when that's available, it might be a more performant alternative to libsodium when signify-ts is used in browser extensions. Could be a separate backlog item to abstract the crypto library interface.
[X25519 algorithm of the Web Cryptography API](https://chromestatus.com/feature/6291245926973440)

iFergal (Contributor, Author) commented Jan 19, 2025

@edeykholt The 0.3.0 branch was cut recently, so this will be on the next version anyway.

Regarding web crypto, this is great to see but we need more than just X25519 from libsodium. crypto box seal from libsodium provides the hybrid public key encryption described in the SPAC paper.
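
An added sketch of the ESSR (encrypt sender, sign receiver) wrapping discussed in this thread, not code from signify-ts, KERIA, or any participant: the sender's identifier travels inside the ciphertext and the receiver's identifier is covered by the signature, so a wrapper re-signed by another party or addressed to another receiver is rejected. It assumes Node's built-in crypto, with X25519 + HKDF + AES-256-GCM standing in for libsodium's crypto box seal; the JSON layout, identifiers and function names are hypothetical.

```javascript
// Added illustration, not signify-ts or KERIA code; message layout and names are assumptions.
const crypto = require('node:crypto');
const der = (pub) => pub.export({ type: 'spki', format: 'der' });
const b64 = (s) => Buffer.from(s, 'base64');
const sign = (text, key) => crypto.sign(null, Buffer.from(text), key).toString('base64');
// Stand-in for libsodium's sealed box: ephemeral X25519 -> HKDF-SHA256 -> AES-256-GCM.
function boxKey(priv, pub, ephDer, rcptDer) {
  const shared = crypto.diffieHellman({ privateKey: priv, publicKey: pub });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.concat([ephDer, rcptDer]), 'essr-demo', 32));
}
function seal(plaintext, rcptPub) {
  const eph = crypto.generateKeyPairSync('x25519'), iv = crypto.randomBytes(12);
  const key = boxKey(eph.privateKey, rcptPub, der(eph.publicKey), der(rcptPub));
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return [der(eph.publicKey), iv, ct, c.getAuthTag()].map((b) => b.toString('base64'));
}
function unseal([eph, iv, ct, tag], rcpt) {
  const ephPub = crypto.createPublicKey({ key: b64(eph), format: 'der', type: 'spki' });
  const key = boxKey(rcpt.privateKey, ephPub, b64(eph), der(rcpt.publicKey));
  const d = crypto.createDecipheriv('aes-256-gcm', key, b64(iv)).setAuthTag(b64(tag));
  return Buffer.concat([d.update(b64(ct)), d.final()]);
}
// Sender: own id goes inside the ciphertext (encrypt sender); receiver id is signed (sign receiver).
function wrap(src, dest, signKey, destEncPub, innerRequest) {
  const box = seal(Buffer.from(JSON.stringify({ src, req: innerRequest })), destEncPub);
  const signed = JSON.stringify({ src, dest, box });
  return { signed, sig: sign(signed, signKey) };
}
// Receiver: verify the wrapper, check the address, decrypt, then compare inner and outer sender.
function unwrap(msg, myId, myEnc, lookupSigKey) {
  const { src, dest, box } = JSON.parse(msg.signed);
  const ok = crypto.verify(null, Buffer.from(msg.signed), lookupSigKey(src), b64(msg.sig));
  if (!ok) throw new Error('bad signature');
  if (dest !== myId) throw new Error('wrapper signed for a different receiver');
  const inner = JSON.parse(unseal(box, myEnc).toString('utf8'));
  if (inner.src !== src) throw new Error('encrypted sender does not match signer');
  return inner.req;
}
// Constructed identities and request; the second wrapper reuses the ciphertext under another signer.
function demo() {
  const keys = { alice: crypto.generateKeyPairSync('ed25519'), mallory: crypto.generateKeyPairSync('ed25519') };
  const agentEnc = crypto.generateKeyPairSync('x25519'), lookup = (id) => keys[id].publicKey;
  const msg = wrap('alice', 'agent', keys.alice.privateKey, agentEnc.publicKey, 'GET /identifiers HTTP/1.1');
  const resigned = JSON.stringify({ ...JSON.parse(msg.signed), src: 'mallory' });
  const forged = { signed: resigned, sig: sign(resigned, keys.mallory.privateKey) };
  let rejected = '';
  try { unwrap(forged, 'agent', agentEnc, lookup); } catch (e) { rejected = e.message; }
  return { req: unwrap(msg, 'agent', agentEnc, lookup), rejected };
}
```

The receiver verifies the signature before decrypting, so an unsigned or tampered wrapper never reaches the decryption step.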
