More Peergos update

Ian Preston 2020-04-27 07:34:35 +00:00
parent b5e7d04cec
commit be4080fdd2
1 changed files with 3 additions and 1 deletions

@ -8,6 +8,8 @@ There is a global append-only log for the public key to username mappings. This
Login and key management: A peergos user's private keys are derived every time they log in using their username, password and a published salt. Specifically, a signing keypair, boxing keypair, and symmetric key is derived. Users store their friends keys in their encrypted storage space in a TOFU keystore. Users can verify key of friends in person or over the phone using QR codes or fingerprints. Login and key management: A peergos user's private keys are derived every time they log in using their username, password and a published salt. Specifically, a signing keypair, boxing keypair, and symmetric key is derived. Users store their friends keys in their encrypted storage space in a TOFU keystore. Users can verify key of friends in person or over the phone using QR codes or fingerprints.
This enables multiple device support, and no awkward key management UX. The user never needs to see a key or a hash.
### Data storage ### Data storage
Each user must have at least one peergos server. The servers run an instance of IPFS. Data is content-addressed: stored in mappings from hash to data. During upload the client splits files into 5 MiB chunks which are each independently encrypted (along with encrypted metadata) and stored in a merkle-CHAMP (compressed hash array mapped prefix trie) in ipfs. Directories can't be distinguished from small files, nor are the sizes of files, or the number of files, or directory structure, or who has access to them visible to the server. Each user must have at least one peergos server. The servers run an instance of IPFS. Data is content-addressed: stored in mappings from hash to data. During upload the client splits files into 5 MiB chunks which are each independently encrypted (along with encrypted metadata) and stored in a merkle-CHAMP (compressed hash array mapped prefix trie) in ipfs. Directories can't be distinguished from small files, nor are the sizes of files, or the number of files, or directory structure, or who has access to them visible to the server.
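Review bot: The added sentence after the login paragraph says "The user never needs to see a key or a hash", but the context line just above it describes verifying friends' keys "using QR codes or fingerprints", and a fingerprint is something the user reads and compares. Suggest narrowing the claim, for example to "never needs to see a key or a hash in normal use". Separately, the derivation inputs listed are the username, the password and a published salt, so the password is the only secret input. The multi-device benefit is worth stating, but the same paragraph should document that trade-off (password strength, and which key derivation function is used).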
@ -16,7 +18,7 @@ The user lists the IPFS node id of the server (hash of its public key). It synch
### Social ### Social
Users can follow each other. Follow requests are sent through a users storage server, which is contacted via its public key. Follows are one-way, and allow sharing files and sending messages. Users can follow each other. Follow requests are sent through a users storage server, which is contacted via its public key. Follows are one-way, and allow sharing files and sending messages. Critically, the server never sees who is following who (even follow requests are blinded). You store your own social graph encrypted in your peergos space.
### Privacy and Access Control ### Privacy and Access Control
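Review bot: "even follow requests are blinded", in the text appended to the Social paragraph, is left unexplained, while the same paragraph says follow requests are "sent through a users storage server", so the server does handle each request. Please add a clause stating what is hidden (the sender's identity, the request contents) and what the receiving server can still observe, so that "never sees who is following who" can be checked against the design. Minor: "a users storage server" needs an apostrophe, and "who is following who" reads better as "who is following whom".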