title = "Authentication"
weight = "30"

The requirements for authentication are affected by the following requirements and aspects of the Indienet:

Aral Balkan committed
  * Indie sites/apps are federated personal web sites/apps; each site/app has a single owner who uses it. (We do not have the concept of users and we do not need usernames.)

  * Private messages must be end-to-end encrypted (see [/site/engine/security](/site/engine/security) and [/other/spikes/security](/other/spikes/security))

  * Private messages must be accessible at any time in the future from the server from any authenticated client.

As such, the current plans for authentication are:

## Key Generation And Storage

  1. On first use, a private and public key keypair is generated on the client.

  2. The private key is symmetrically encrypted via a key generated using a strong password (we will recommend the use of a password manager). The encrypted private key is then sent to the server, along with the public key.

  3. An unencrypted copy of the private key is kept on the client – e.g., as an unextractable key via the WebCrypto API – (so the site owner doesn’t have to keep entering their password) but the encrypted private key can also be re-requested from the server at any time and from any client. (The private key is useless unless it is decrypted with the strong password set in Step 2.)

  4. The public key is also served at a well-known location on the server and is used by other clients to encrypt private messages for the owner of the instance.

  (We are currently spiking this out. See [/other/spikes/security](/other/spikes/security))

## Client authentication

  Client authentication for the REST and WebSocket APIs will use JWT with publickey authentication.

## Private Key Retrieval

  1. If the client doesn’t have a copy of the private key, it requests it from the server.

  2. The client decrypts the private key using the symmetric key generated from the owner’s strong password.

  3. It uses the decrypted private key to authenticate using public key authentication (see below).
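The key generation, storage and retrieval steps above, end to end, as an added example (not Indienet's own code). The page does not fix algorithms, so ECDSA P-256, PBKDF2-SHA-256 with 600,000 iterations, AES-GCM key wrapping and all function names here are assumptions.

```javascript
// WebCrypto in the browser or Node 19+; older Node falls back to node:crypto's webcrypto.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const EC = { name: 'ECDSA', namedCurve: 'P-256' };   // assumed key type
const SIG = { name: 'ECDSA', hash: 'SHA-256' };      // assumed signature scheme

// Derive the symmetric wrapping key from the owner's password (parameters are assumptions).
async function wrappingKey(password, salt) {
  const material = await wc.subtle.importKey(
    'raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', salt, iterations: 600000, hash: 'SHA-256' },
    material, { name: 'AES-GCM', length: 256 }, false, ['wrapKey', 'unwrapKey']);
}

// Key generation steps 1-2: make the key pair on the client, wrap the private key,
// and return what is uploaded. The password and the wrapping key never leave the client.
async function createAccount(password) {
  // The fresh private key must be extractable to be wrapped; discard it afterwards
  // and keep only the non-extractable copy returned by unlock().
  const pair = await wc.subtle.generateKey(EC, true, ['sign', 'verify']);
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12));
  const wrapped = await wc.subtle.wrapKey(
    'pkcs8', pair.privateKey, await wrappingKey(password, salt), { name: 'AES-GCM', iv });
  const publicJwk = await wc.subtle.exportKey('jwk', pair.publicKey);
  return { publicJwk, salt, iv, wrapped: new Uint8Array(wrapped) };
}

// Retrieval steps 1-2: unwrap the record fetched from the server into a
// non-extractable signing key. A wrong password fails the AES-GCM tag check and rejects.
async function unlock(record, password) {
  const kek = await wrappingKey(password, record.salt);
  return wc.subtle.unwrapKey('pkcs8', record.wrapped, kek,
    { name: 'AES-GCM', iv: record.iv }, EC, false, ['sign']);
}

// Retrieval step 3: the client signs a server-issued nonce...
async function signChallenge(privateKey, nonce) {
  return new Uint8Array(await wc.subtle.sign(SIG, privateKey, nonce));
}

// ...and the server verifies it against the public key it stores for the owner.
async function verifyChallenge(publicJwk, nonce, signature) {
  const pub = await wc.subtle.importKey('jwk', publicJwk, EC, true, ['verify']);
  return wc.subtle.verify(SIG, pub, signature, nonce);
}
```

The server-side record holds only `publicJwk`, `salt`, `iv` and `wrapped`, so the strength of the owner's password is what protects the private key if that record is disclosed.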

## Future thoughts:

  * Would using a Service Worker to handle cryptographic functions in the browser have security advantages? (Keep an eye on [browser compatibility]( – once all evergreen browsers support this, let’s take a look.)

  * [ssb-horcrux]( An interesting approach to key recovery with a Harry Potter twist (“Split your key into some number of parts, give those to trusted friends, and if your computer ever dies, you can re-create your private key.”) Also see: [Shamir’s Secret Sharing](

## General resources

  * [OpenCrypto]( OpenCrypto is a Cryptographic JavaScript library built on top of [WebCrypto API](

  * [Web Crypto Live Table](

  * [WebKit: Update on Web Cryptography]( “When developing with pure JavaScript crypto libraries, secret or private keys are often stored in the global JavaScript execution context. It is extremely vulnerable as keys are exposed to any JavaScript resources being loaded and therefore allows XSS attackers be able to steal the keys. WebCrypto API instead protects the secret or private keys by storing them completely outside of the JavaScript execution context.”

  * [Storing Cryptographic Keys in Persistent Browser Storage](

  * [WebCrypto API](

  * [WebCrypto examples](

  * [Cryptobench.js](

  * An older article (2013) by Alex Maccaw on [end-to-end encryption in web apps](

## Public Key Authentication

Note: we should keep in mind how Mastodon uses public-key authentication for message verification (see

### Resources

  * For a general guide on application of cryptography for developers, see the book [Serious Cryptography: A Practical Introduction to Modern Encryption](

  * [feathers-authentication-publickey]( “Public Key authentication strategy for feathers-authentication using Passport” ([Example.](

  * [passport-publickey]( “Passport strategy for authenticating using a public/private key pair to sign a nonce challenge.”

  * [passport-keyverify]( “Passport strategy for authenticating using a public/private key pair to sign a nonce challenge.”

  * [PiPo]( “A secure chat client with client side encryption written in NodeJS”

  * [Asymmetric Public / Private Key Encryption (RSA) in Node.js]( “” ([Code.](

  * [TripleSec]( “TripleSec is a simple, triple-paranoid, symmetric encryption library for a whole bunch of languages. It encrypts data with Salsa 20, AES, and Twofish, so that a someday compromise of one or two of the ciphers will not expose the secret.”

  * [JWT using RSA public/private key pairs (video)](

  * [Lib Sodium](

  * [node-http-signature]( “node-http-signature is a node.js library that has client and server components for [Joyent's HTTP Signature Scheme](”

## JWT