ScatterWebExtension
Create new functionality to encrypt and decrypt a text with private key
Please create a new functionality to encrypt and decrypt an arbitrary text with EOS private key and other EOS public key.
Methods signatures (example):
object EncryptText(string text, key publicKey)
Encrypts the text with the current Scatter Wallet EOS private key and the passed publicKey and returns the encrypted text.
object DecryptText(string encryptedText, key publicKey)
Decrypts the encryptedText with the current Scatter Wallet EOS private key and the passed publicKey and returns the decrypted text.
Please check this example with EOS js API and local keys, should be simple, like include this code inside scatter js lib: https://github.com/b-mail/Documentation/blob/master/javascript-encrypt.md
59585030f04437c2f67725d50aec37bfdfd08a8d
Not yet built into zip
Usage
```js
/***
 * Requests a signature for arbitrary data.
 * @param publicKey
 * @param data - The data to be signed
 * @param whatfor
 * @param isHash - True if the data requires a hash signature
 */
scatter.requestArbitrarySignature(publicKey, data, whatfor = '', isHash = false){
```
It should be noted that if you're signing a sha256 hash for EOS you need to use the isHash boolean, as it uses a different signature method. For arbitrary data leave it false.
@nsjames thanks for your work on this issue, but you implemented a method to sign text and not to encrypt/decrypt text, as explained above. Although the signing may be useful (don't remove it), can you please reopen this issue and implement the encrypt and decrypt methods? Thanks
Yes, however this is probably as close as Scatter will ever provide to giving something that can be used to encrypt random things with that proves ownership. Take for instance this flow. App provides a passphrase, user uses private key to sign the passphrase, app encrypts with the signed passphrase.
The problem with Scatter providing encryption is encryption algorithms inside of Scatter will inevitably change over time ( they already have multiple times ), invalidating every encryption without letting the app do anything about it beforehand, Scatter can't be held back on encryption updates for external applications. Each application should handle their own encryption flow but be able to use something provably owned.
Thanks for the explanation @nsjames. But Scatter could just use the EOS standard lib internally to do this encryption, instead of implementing its own encryption/decryption cores. I'm referring to this module: Eos.modules.ecc (Elliptic curve cryptography functions) https://github.com/eosio/eosjs-ecc
Usage example here: https://github.com/b-mail/Documentation/blob/master/javascript-encrypt.md
If Scatter can't do this it's a big problem, because our dapp doesn't have access to the user's private key to encrypt. It would require a key server instead of using Scatter directly in the browser :(
This is just to encrypt a small field that can't be public.
I'm also very interested in this api to be implemented.
Our app requires some data to be encrypted, so only specified users should be able to read it.
Now we have an option to ask user to enter his eos private key to decrypt message (using similar approach as @utilsites has posted above), but this feels somewhere insecure.
It would be great if Scatter can provide such api, which gives better security and user experience.
You can send a message of arbitrary data to Scatter and have the user sign it with a private key, from there you would use that signed message to encrypt their data and only they would be able to reproduce the key.
Allowing websites to use private keys to encrypt data internally using its own encryption algorithms is something that Scatter will never provide. It creates more problems than solutions because as time goes on the encryption algorithms will change within Scatter without allowing websites time to update the encrypted data on their side, and will make all of the websites' encrypted data locked forever.
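The flow suggested in the replies above (the wallet signs an app-supplied message, and the app encrypts with a key derived from that signature), as an added example that is not part of the thread and is not Scatter or eosjs-ecc code. The Ed25519 `walletSign` stand-in, `KEY_MESSAGE` and the envelope layout are assumptions; the scheme only works if the wallet returns the same signature for the same message, and anyone who obtains that signature can derive the key.

```javascript
const crypto = require('node:crypto');

// Stand-in for the wallet (assumption): Ed25519 signatures are deterministic,
// so signing the same message twice yields the same bytes. A real wallet must
// have the same property or the key cannot be re-derived later.
const wallet = crypto.generateKeyPairSync('ed25519');
function walletSign(message) {
  return crypto.sign(null, Buffer.from(message, 'utf8'), wallet.privateKey);
}

// Constructed, domain-separated message: a signature over it is only ever
// used as key material and must never be sent to a server or logged.
const KEY_MESSAGE = 'example-dapp.invalid: derive field-encryption key v1';

// HKDF-SHA256 turns the signature into a 256-bit AES key.
function deriveKey(signature) {
  const okm = crypto.hkdfSync('sha256', signature, Buffer.alloc(0), 'aes-256-gcm', 32);
  return Buffer.from(okm);
}

// Envelope owned by the app: version byte | 12-byte IV | 16-byte tag | ciphertext.
// The version byte lets the app migrate algorithms on its own schedule.
function encryptField(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([Buffer.from([1]), iv, cipher.getAuthTag(), ct]).toString('base64');
}

function decryptField(key, blob) {
  const raw = Buffer.from(blob, 'base64');
  if (raw.length < 29 || raw[0] !== 1) throw new Error('unsupported envelope');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(1, 13));
  decipher.setAuthTag(raw.subarray(13, 29));
  // final() throws if the key is wrong or the data was modified.
  return Buffer.concat([decipher.update(raw.subarray(29)), decipher.final()]).toString('utf8');
}

// Encrypt in one session, re-derive the key in a later one and decrypt.
function demo() {
  const key1 = deriveKey(walletSign(KEY_MESSAGE));
  const blob = encryptField(key1, 'small private field');
  const key2 = deriveKey(walletSign(KEY_MESSAGE));
  return { sameKey: key1.equals(key2), roundTrip: decryptField(key2, blob) };
}
```

This covers data a user encrypts for themselves; it does not cover the server-encrypts-for-user case raised later in the thread, which needs public-key encryption.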
@nsjames Thanks for a response.
> You can send a message of arbitrary data to Scatter and have the user sign it with a private key, from there you would use that signed message to encrypt their data and only they would be able to reproduce the key.
The case I wrote about is when the server encrypts data and the client (web page) decrypts it using the user's private key.
> Allowing websites to use private keys to encrypt data internally using its own encryption algorithms is something that Scatter will never provide.
Once again, this proposal supposes that the client side decrypts the payload using the well-known encryption/decryption flow provided by eosjs-ecc.
> It creates more problems than solutions because as time goes on the encryption algorithms will change...
Maybe we should think about what problems could arise and consider some ways to overcome them instead of blocking half of UX provided by "asymmetric" encryption?
@nsjames and @salterok, the scatter api could allow the encryption/decryption with all eosjs-ecc versions, specified in scatter api call.
You know what. Let me take another look at this once some other more important things ( dawn4, migrations, etc ) are done. I'm reopening this.
I am also interested in this issue. I think if Scatter could offer AES encrypt / decrypt methods, it would be great for EOS dapps. We could easily have end-to-end encryption that offers privacy and zero-knowledge for off-blockchain data that is kept in private servers.
+1 for the encrypt and decrypt methods. Need that for our dapp as well. This is an important use case of keypairs.
Can someone move this ticket over to Scatter Desktop? It's one I'd like to keep but it will get lost here in extension as it gets more and more deprecated.
Don't know how to move issues so I created a new one referencing this one: https://github.com/GetScatter/ScatterDesktop/issues/43