Skip to content

Commit

Permalink
improvments
Browse files Browse the repository at this point in the history
  • Loading branch information
paweljakubas committed Nov 16, 2023
1 parent d55032b commit c42044d
Show file tree
Hide file tree
Showing 3 changed files with 55 additions and 4 deletions.
4 changes: 2 additions & 2 deletions lib/wallet/api/http/Cardano/Wallet/Api/Http/Shelley/Server.hs
Original file line number Diff line number Diff line change
Expand Up @@ -3291,7 +3291,7 @@ decodeSharedTransaction
-> ApiDecodeTransactionPostData
-> Handler (ApiDecodedTransaction n)
decodeSharedTransaction ctx (ApiT wid) postData = do
let (ApiDecodeTransactionPostData (ApiT sealed) decryptMetadata ) = postData
let ApiDecodeTransactionPostData (ApiT sealed) decryptMetadata = postData
when (isJust decryptMetadata) $ error "not implemented"
era <- liftIO $ NW.currentNodeEra nl
(txinsOutsPaths, collateralInsOutsPaths, outsPath, pp, certs, txId, fee
Expand Down Expand Up @@ -3456,7 +3456,7 @@ decodeTransaction
-> Handler (ApiDecodedTransaction n)
decodeTransaction
ctx@ApiLayer{..} (ApiT wid) postData = do
let (ApiDecodeTransactionPostData (ApiT sealed) decryptMetadata ) = postData
let ApiDecodeTransactionPostData (ApiT sealed) decryptMetadata = postData
when (isJust decryptMetadata) $ error "not implemented"
era <- liftIO $ NW.currentNodeEra netLayer
withWorkerCtx ctx wid liftE liftE $ \wrk -> do
Expand Down
2 changes: 1 addition & 1 deletion lib/wallet/api/http/Cardano/Wallet/Api/Types.hs
Original file line number Diff line number Diff line change
Expand Up @@ -1203,7 +1203,7 @@ data ApiMultiDelegationAction
deriving anyclass NFData

newtype ApiEncryptMetadata = ApiEncryptMetadata
{ passphrase :: (ApiT (Passphrase "lenient")) }
{ passphrase :: ApiT (Passphrase "lenient") }
deriving (Eq, Generic, Show)
deriving (FromJSON, ToJSON) via DefaultRecord ApiEncryptMetadata
deriving anyclass NFData
Expand Down
53 changes: 52 additions & 1 deletion specifications/api/metadata-encrypt.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ In addition "Transactions New > Decode" HTTP endpoint is described in the contex
Encryption of metadata is optional and when chosen the metadata in transaction is to be encrypted
via AEAD scheme using ChaCha20 and Poly1305 (see [RFC 7539][ref]). PBKDF2 password stretching is used to get a 32-byte symmetric key
that is required for the adopted encryption algorithm. In detail, PBKDF2 encryption uses HMAC with the hash algorithm SHA512.
As a consequence the encrypted metadata, rather than raw, is going to be stored in blockchain.
As a consequence the encrypted metadata, not its raw version, is going to be stored in blockchain.

[ref]: https://datatracker.ietf.org/doc/html/rfc7539

Expand Down Expand Up @@ -48,6 +48,57 @@ Specifically:
Metadata encryption can be used for shared wallet style when calling `/shared-wallets/{walletId}/transactions-construct` endpoint with the same `POST` payload.
Example:
```
{
...
"encrypt_metadata":
{ "passphrase": "metadata-secret"
},
"metadata": {"1":"hello"}
...
}
```
will return
```
{
...
"metadata": {"0":"0x0aa4f9a016215f71ef007b60601708dec0d10b4ade6071b387295f95b4"}
...
}
```
Example:
```
{
...
"encrypt_metadata":
{ "passphrase": "metadata-secret"
},
"metadata":
{ "1": "Hard times create strong men."
, "2": "Strong men create good times."
, "3": "Good times create weak men."
, "4": "And, weak men create hard times."
}
...
}
```
will return
```
{
...
"metadata":
{ "0": "0x0aa4f9a016217f75f10834367493f6d7e74197417ca25c7615cae02bc345382906fb6990daf8f138b2d9192e057d0d0b555f9d5fb287abb1842928c90f26e597"
, "1": "0x559ee85f00f1588b3ee32e81dc4c84aee208a10c1eec97fffe6e0e66c69d4e0b1e3e22d7edc1618df3b20b484527d86bc3bebad4295a2ad888d034b5fec38077"
, "2": "0x8d42154f681230124c64630ea68b841aec22f0530ec830cb662d59ef423ef23d7ff3"
}
...
}
```
as metadata values have 64-byte limit. In that case the encrypted metadata is encoded in the successive bytes.
## Metadata decryption
2. Decoding transaction with encrypted metadata is possible by using the same passphrase as upon encryption in `encrypt_metadata` field. It is realized by calling `POST` on `/wallets/{walletId}/transactions-decode` endpoint with `POST` data:
Expand Down

0 comments on commit c42044d

Please sign in to comment.