feat: ESSR tunneling with KERIA API

Open iFergal opened this issue 11 months ago • 3 comments

This will require a new dev release after https://github.com/WebOfTrust/keria/pull/351 is merged, but locally all the integration tests pass.

HTTP requests between Signify and KERIA are now wrapped/tunneled in ESSR (encrypted HTTP request inside the body of a signed wrapper HTTP request) for confidentiality and general improvements.

createSignedRequest can still be used to use the old method of signed headers in case any projects or extensions are using that for web interactions.

iFergal avatar Jan 17 '25 12:01 iFergal

Codecov Report

Attention: Patch coverage is 99.21260% with 1 line in your changes missing coverage. Please review.

Project coverage is 84.01%. Comparing base (cddb007) to head (a214c0c). Report is 15 commits behind head on main.

Files with missing lines Patch % Lines
src/keri/app/clienting.ts 96.00% 1 Missing :warning:
Additional details and impacted files
@@            Coverage Diff             @@
##             main     #304      +/-   ##
==========================================
+ Coverage   83.64%   84.01%   +0.36%     
==========================================
  Files          48       48              
  Lines        4238     4328      +90     
  Branches     1042     1064      +22     
==========================================
+ Hits         3545     3636      +91     
+ Misses        663      662       -1     
  Partials       30       30              

codecov[bot] avatar Jan 17 '25 12:01 codecov[bot]

@iFergal Great to see this security hardening!

Since Authenticater / Authenticator is exported and its spelling changed, this might suggest a version change?

Note that WebCrypto in Chrome browser will soon support X25519, so when that's available, it might be a more performant alternative to libsodium when signify-ts is used in browser extensions. Could be a separate backlog item to abstract the crypto library interface. [X25519 algorithm of the Web Cryptography API](https://chromestatus.com/feature/6291245926973440)

edeykholt avatar Jan 19 '25 01:01 edeykholt

@edeykholt The 0.3.0 branch was cut recently, so this will be on the next version anyway.

Regarding web crypto, this is great to see but we need more than just X25519 from libsodium. crypto_box_seal from libsodium provides the hybrid public key encryption described in the SPAC paper.

iFergal avatar Jan 19 '25 20:01 iFergal
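
The wrapping from the PR description (an encrypted request inside a signed wrapper) and the sealed-box point in the reply above, sketched as an added example that is not code from this PR or from signify-ts. It assumes ESSR's encrypt-sender/sign-receiver binding and uses Node's built-in crypto with an X25519 + HKDF + AES-256-GCM construction as a stand-in for libsodium's crypto_box_seal; `seal`, `unseal`, `party`, `wrap`, `unwrap` and the message field names are hypothetical.

```javascript
const crypto = require('node:crypto');
const INFO = 'essr-demo'; // constructed HKDF label, an assumption of this example

// Stand-in for a sealed box: ephemeral X25519 + HKDF-SHA256 + AES-256-GCM.
// Layout: 44-byte ephemeral SPKI key | 12-byte nonce | 16-byte tag | ciphertext.
function seal(plaintext, receiverPub) {
  const eph = crypto.generateKeyPairSync('x25519');
  const ephDer = eph.publicKey.export({ type: 'spki', format: 'der' });
  const shared = crypto.diffieHellman({ privateKey: eph.privateKey, publicKey: receiverPub });
  const key = Buffer.from(crypto.hkdfSync('sha256', shared, ephDer, INFO, 32));
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([ephDer, nonce, c.getAuthTag(), ct]);
}

function unseal(box, receiverPriv) {
  const ephDer = box.subarray(0, 44);
  const ephPub = crypto.createPublicKey({ key: ephDer, format: 'der', type: 'spki' });
  const shared = crypto.diffieHellman({ privateKey: receiverPriv, publicKey: ephPub });
  const key = Buffer.from(crypto.hkdfSync('sha256', shared, ephDer, INFO, 32));
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.subarray(44, 56));
  d.setAuthTag(box.subarray(56, 72));
  return Buffer.concat([d.update(box.subarray(72)), d.final()]); // throws if tampered
}

function party(id) { // hypothetical helper: one encryption and one signing key pair
  const enc = crypto.generateKeyPairSync('x25519');
  const sig = crypto.generateKeyPairSync('ed25519');
  return { id, encPub: enc.publicKey, encPriv: enc.privateKey, sigPub: sig.publicKey, sigPriv: sig.privateKey };
}

// Encrypt Sender: the sender id goes inside the ciphertext.
// Sign Receiver: the signature covers the receiver id and the ciphertext.
function wrap(sender, receiver, request) {
  const inner = Buffer.from(JSON.stringify({ src: sender.id, request }));
  const body = seal(inner, receiver.encPub).toString('base64');
  const sig = crypto.sign(null, Buffer.from(`${receiver.id}.${body}`), sender.sigPriv);
  return { src: sender.id, dest: receiver.id, body, sig: sig.toString('base64') };
}

function unwrap(receiver, senderSigPub, msg) {
  if (msg.dest !== receiver.id) throw new Error('wrong receiver');
  const signed = Buffer.from(`${msg.dest}.${msg.body}`);
  const ok = crypto.verify(null, signed, senderSigPub, Buffer.from(msg.sig, 'base64'));
  if (!ok) throw new Error('bad signature');
  const inner = JSON.parse(unseal(Buffer.from(msg.body, 'base64'), receiver.encPriv).toString());
  if (inner.src !== msg.src) throw new Error('sender mismatch');
  return inner.request;
}
```

`unwrap` rejects a wrapper whose outer `src` differs from the identifier sealed inside the ciphertext, and one whose signature was made for a different receiver, which is what the two bindings are for.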

This has diverged too much from main, so closing and opening a new one.

iFergal avatar Jun 24 '25 12:06 iFergal