Nosial/socialbox-standard
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update README: Add guidelines section and modify crypto specs

Browse source
This commit is contained in:
netkas 2024-09-13 13:49:14 -04:00
parent fa4d9b5a75
commit 115e8bca47
1 changed files with 83 additions and 60 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

143
README.md
View file

@ -44,64 +44,88 @@ This project is licensed under GNU Free Documentation License v1.3, see the [LIC
## Table of contents ## Table of contents
<!-- TOC --> <!-- TOC -->
* [About Socialbox](#about-socialbox) - [About Socialbox](#about-socialbox)
* [What's Socialbox?](#whats-socialbox) - [What's Socialbox?](#whats-socialbox)
* [Why use Socialbox?](#why-use-socialbox) - [Why use Socialbox?](#why-use-socialbox)
* [Wouldn't I need to create a lot of accounts?](#wouldnt-i-need-to-create-a-lot-of-accounts) - [Wouldn't I need to create a lot of accounts?](#wouldnt-i-need-to-create-a-lot-of-accounts)
* [License](#license) - [License](#license)
* [Table of contents](#table-of-contents) - [Table of contents](#table-of-contents)
* [Specifications](#specifications) - [Guidelines](#guidelines)
* [UUID v4](#uuid-v4) - [Backwards Compatibility](#backwards-compatibility)
* [DNS Records](#dns-records) - [Deprecation](#deprecation)
* [Peer Address](#peer-address) - [Specifications](#specifications)
* [User Address](#user-address) - [UUID v4](#uuid-v4)
* [Server Address](#server-address) - [DNS Records](#dns-records)
* [Reserved Usernames](#reserved-usernames) - [Peer Address](#peer-address)
* [Regex Pattern (PCRE)](#regex-pattern-pcre) - [User Address](#user-address)
* [RPC Communication](#rpc-communication) - [Server Address](#server-address)
* [How to host the RPC server](#how-to-host-the-rpc-server) - [Reserved Usernames](#reserved-usernames)
* [Notification & Request-Response Communication](#notification--request-response-communication) - [Regex Pattern (PCRE)](#regex-pattern-pcre)
* [Request Object](#request-object) - [RPC Communication](#rpc-communication)
* [Response Object](#response-object) - [How to host the RPC server](#how-to-host-the-rpc-server)
* [Error Response Object](#error-response-object) - [Notification \& Request-Response Communication](#notification--request-response-communication)
* [Cryptography](#cryptography) - [Request Object](#request-object)
* [Key Generation](#key-generation) - [Response Object](#response-object)
* [Signing and Signature Verification](#signing-and-signature-verification) - [Error Response Object](#error-response-object)
* [Temporary Signature & Verification](#temporary-signature--verification) - [Cryptography](#cryptography)
* [Encryption and Decryption](#encryption-and-decryption) - [Key Generation](#key-generation)
* [Error Handling](#error-handling) - [Signing and Signature Verification](#signing-and-signature-verification)
* [Methods](#methods) - [Temporary Signature \& Verification](#temporary-signature--verification)
* [generateKeyPair()](#generatekeypair) - [Encryption and Decryption](#encryption-and-decryption)
* [signContent(content: String, privateKey: String): String](#signcontentcontent-string-privatekey-string-string) - [Error Handling](#error-handling)
* [verifyContent(content: String, signature: String, publicKey: String): Boolean](#verifycontentcontent-string-signature-string-publickey-string-boolean) - [Methods](#methods)
* [temporarySignContent(content: String, privateKey: String): String](#temporarysigncontentcontent-string-privatekey-string-string) - [generateKeyPair()](#generatekeypair)
* [verifyTemporarySignature(content: String, signature: String, publicKey: String, frames: Integer): Boolean](#verifytemporarysignaturecontent-string-signature-string-publickey-string-frames-integer-boolean) - [signContent(content: String, privateKey: String): String](#signcontentcontent-string-privatekey-string-string)
* [encryptContent(content: String, publicKey: String): String](#encryptcontentcontent-string-publickey-string-string) - [verifyContent(content: String, signature: String, publicKey: String): Boolean](#verifycontentcontent-string-signature-string-publickey-string-boolean)
* [decryptContent(ciphertext: String, privateKey: String): String](#decryptcontentciphertext-string-privatekey-string-string) - [temporarySignContent(content: String, privateKey: String): String](#temporarysigncontentcontent-string-privatekey-string-string)
* [Example Implementations](#example-implementations) - [verifyTemporarySignature(content: String, signature: String, publicKey: String, frames: Integer): Boolean](#verifytemporarysignaturecontent-string-signature-string-publickey-string-frames-integer-boolean)
* [Authentication](#authentication) - [encryptContent(content: String, publicKey: String): String](#encryptcontentcontent-string-publickey-string-string)
* [First-Level Authentication](#first-level-authentication) - [decryptContent(ciphertext: String, privateKey: String): String](#decryptcontentciphertext-string-privatekey-string-string)
* [Password (LOGIN)](#password-login) - [Example Implementations](#example-implementations)
* [Second-Level authentication](#second-level-authentication) - [Authentication](#authentication)
* [TOTP (Time-based One-Time Password)](#totp-time-based-one-time-password) - [First-Level Authentication](#first-level-authentication)
* [Procedures](#procedures) - [Password (LOGIN)](#password-login)
* [Establishing a connection](#establishing-a-connection) - [Second-Level authentication](#second-level-authentication)
* [Step 1: DNS Handshake](#step-1-dns-handshake) - [TOTP (Time-based One-Time Password)](#totp-time-based-one-time-password)
* [Step 2: Establish Connection](#step-2-establish-connection) - [Procedures](#procedures)
* [Methods](#methods-1) - [Establishing a connection](#establishing-a-connection)
* [Core](#core) - [Step 1: DNS Handshake](#step-1-dns-handshake)
* [Public](#public) - [Step 2: Establish Connection](#step-2-establish-connection)
* [Ping (`ping`)](#ping-ping) - [Methods](#methods-1)
* [Protected](#protected) - [Core](#core)
* [Internal](#internal) - [Public](#public)
* [Error Codes](#error-codes) - [Ping (`ping`)](#ping-ping)
* [HTTP Status Codes](#http-status-codes) - [Protected](#protected)
* [-1xxx: RPC Errors](#-1xxx-rpc-errors) - [Internal](#internal)
* [-2xxx: Server Errors](#-2xxx-server-errors) - [Error Codes](#error-codes)
- [HTTP Status Codes](#http-status-codes)
- [-1xxx: RPC Errors](#-1xxx-rpc-errors)
- [-2xxx: Server Errors](#-2xxx-server-errors)
<!-- TOC --> <!-- TOC -->
------------------------------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------------------------------
# Guidelines
The guideline section is used to outline guidelines that the standard & project must adhere to, these guidelines are
placed here to ensure that future generations of this specification would remain backwards compatible with at least
up to the first specification version of this project, additionally this section is meant to outline what the project
is intended to be used for and what it's not used for.
## Backwards Compatibility
This specification just like any other project out there, would undergo changes as needed, whether or not these changes
are breaking changes or not, the project must always remain backwards compatible with the first version of the project.
### Deprecation
In the case a method, procedure or object is deprecated, good servers should still continue to support these deprecated
methods, one way to do this is to allow the server to convert the deprecated method to the new method in the background
while retaining the same result as the deprecated method. To consider a method deprecated, the specification must provide
a way as explained in the deprecation comments on how to use the same method call with the newly replaced method.
------------------------------------------------------------------------------------------------------------------------
# Specifications # Specifications
Specifications are used to define exactly how each part of the Socialbox standard works, from communication to privacy, Specifications are used to define exactly how each part of the Socialbox standard works, from communication to privacy,
@ -371,8 +395,10 @@ used for asymmetric encryption and decryption. The key generation process involv
key. The public key can be shared with others to encrypt/verify data, while the private key is kept secret and used to key. The public key can be shared with others to encrypt/verify data, while the private key is kept secret and used to
decrypt/sign data. These are the following conditions for key generation: decrypt/sign data. These are the following conditions for key generation:
* **Key Size**: The key size must be 2048 bits.
* **Algorithm**: The algorithm used for key generation must be RSA. * **Algorithm**: The algorithm used for key generation must be RSA.
* **Key Size**: The key size must be 2048 bits.
* **Padding**: The padding scheme used for encryption and decryption must be OAEP (Optimal Asymmetric Encryption Padding).
* **Hash Function**: The hash function used for RSA encryption and decryption must be SHA-1.
* **Key Encoding** Base64 encoded DER format. * **Key Encoding** Base64 encoded DER format.
* **Private Key** Must be stored in Base64 encoding using [PKCS#8](https://docs.openssl.org/master/man1/openssl-pkcs8/) standard. * **Private Key** Must be stored in Base64 encoding using [PKCS#8](https://docs.openssl.org/master/man1/openssl-pkcs8/) standard.
* **Public Key** Must be stored in Base64 encoding using [X.509](https://docs.openssl.org/master/man7/x509/) standard. * **Public Key** Must be stored in Base64 encoding using [X.509](https://docs.openssl.org/master/man7/x509/) standard.
@ -500,7 +526,7 @@ ciphertext back into plaintext using the corresponding private key. In Socialbox
confidentiality of data exchanged between peers. confidentiality of data exchanged between peers.
* **Algorithm**: RSA with OAEP (Optimal Asymmetric Encryption Padding) * **Algorithm**: RSA with OAEP (Optimal Asymmetric Encryption Padding)
* **Hash**: SHA256 * **Hash**: SHA-1 (Note: Previously, SHA-256 was specified, but for compatibility with OpenSSL, SHA-1 is used).
* **Input**: UTF-8 encoded string as the content to be encrypted. * **Input**: UTF-8 encoded string as the content to be encrypted.
* **Output**: Base64 encoded ciphertext. * **Output**: Base64 encoded ciphertext.
@ -509,14 +535,11 @@ Example encryption and decryption using OpenSSL:
```bash ```bash
# Encrypt the data # Encrypt the data
echo -n "Hello, World!" | openssl rsautl -encrypt -oaep -pubin -inkey public_base64.txt -out ciphertext.bin echo -n "Hello, World!" | openssl rsautl -encrypt -oaep -pubin -inkey public_base64.txt -out ciphertext.bin
```
To decrypt the ciphertext, you must use the private key:
```bash
# Decrypt the data # Decrypt the data
openssl rsautl -decrypt -oaep -inkey private_base64.txt -in ciphertext.bin openssl rsautl -decrypt -oaep -inkey private_base64.txt -in ciphertext.bin
``` ```
> Note: In this example, the produced ciphertext is binary data, but if you want to transmit the ciphertext over the > Note: In this example, the produced ciphertext is binary data, but if you want to transmit the ciphertext over the