feat(2631): Encrypt all message contents and reduce size of encryption #2749
Conversation
| @@ -30,3 +31,8 @@ export type DecryptedPayload<T> = { | |||
| contents: T | |||
| isValid: boolean | |||
| } | |||
|
|
|||
| export type TruncatedSignedEnvelope = { | |||
There was a problem hiding this comment.
TruncatedSignedEnvelope is sort of a mouthful, and not really descriptive to what this object is. We might as well just call this object Signature, but also, I don't think I really agree with this object existing independently at all. For one, just having the SignedEnvelope type makes more sense because it ensures the signature and the contents it is signing stay together reducing the chance of somehow later creating a mismatched pair of signature and contents. Also, these types are all sort of just recreating the LFA native types with new types. Why not just use the types that the library provides/returns?
There was a problem hiding this comment.
Changed name to Signature.
| context: LocalUserContext, | ||
| failOnInvalid = true | ||
| ): DecryptedPayload<T> { | ||
| const isValid = this.verifyMessage(signature) | ||
| const fullSig: SignedEnvelope = { |
There was a problem hiding this comment.
See, here we're just recomposing the type we broke apart earlier in order to fit the verifyMessage typing. We could just maintain the shape throughout.
There was a problem hiding this comment.
I updated this because using the types that LFA uses means we have the encrypted contents written twice to orbitdb. It's fine when we're just passing it around in memory but since the encrypted contents are usually the largest part of the object it's a pretty big increase in storage space/network bandwidth.
There was a problem hiding this comment.
A possible alternative is to combine the two types so we end up with
{
"contents": <encrypted data array>,
"recipient": <info on which key data was encrypted with>,
"signature": <signature string>,
"author": <info on which user's key was used to sign>
}
We probably wouldn't even need to decompose into the original LFA types since this would have the requisite fields for both the signature and the encrypted payload.
There was a problem hiding this comment.
Actually, thinking more about this, we should be signing the raw message instead of the encrypted which changes things a bit.
There was a problem hiding this comment.
Alright, I kept the same decomposed type but now its the raw message that's signed.
#2749) * Encrypt all message contents and reduce size of encryption * Sign raw message contents * We don't need verifyMessage anymore
Decrypted Message
Encrypted Message
Fields From Message that are Encrypted
Pull Request Checklist
(Optional) Mobile checklist
Please ensure you completed the following checks if you did any changes to the mobile package: