There is a global append-only log for the public key to username mappings. This is mirrored on every node in the peergos system. (how is consensus guaranteed? Is the corenode same as the peergos nodes?)
Login and key management: A peergos user's private keys are derived every time log in using their username and password. Specifically, a signing keypair, boxing keypair, and symmetric key is derived.
Each user must have at least one peergos server. The servers run an instance of IPFS. Data is content-addressed: stored in mappings from hash to hashed data.
The user lists the IPFS node id of the server (hash of its public key). It synchronizes their writes and displays the latest root hashes. Data is always encrypted on the servers.
### Social
Users can follow each other. Follow requests are sent through a user’s storage server, which is contacted via its public key. Follows are one-way, and allow sharing files and sending messages.
Files are encrypted on the peergos nodes, which only have access to metadata.
Access to files gained through social follows can be revoked by rotating cryptographic keys.
Access is controlled through cryptographic capabilities:
- the file owner's public signing key is used to look up the filesystem
- the label is used to look up the file
- after retrieval, it is decrypted using the base key given to the person who has access
A user can publish a capability of a file or folder they control which makes it publicly visible.
A user can also share links to files, like a google doc "share" link, which lets anyone who views it at that special URL to view the file. However, the file is not transmitted unencrypted over the network, as the key to decrypt it is in the URL itself, and is interpreted locally in the browser.
