declareSecret

Shared secret declaration. Insert into the domain data to install the
extension. For example (assuming a m-ld clone object):

    clone.write(MeldAclTransportSecurity.declareSecret('test.m-ld.org', randomBytes(16)));

Parameters:
domain: the domain name, as declared in the MeldConfig of the clone
secret: a raw AES key, e.g. randomBytes(32). Use a cryptographically random
source such as Node's crypto.randomBytes; never a password, a derived value or
a constant, since every operation on the domain is encrypted under this key.

registerPrincipal

Use to register each principal with access to the domain, for example
(assuming a m-ld clone object):

    clone.write(MeldAclTransportSecurity.registerPrincipal(
      'https://alice.example/profile#me', alicePublicKeySpki));

Parameters:
iri: the principal's identity. As for all domain data, the principal's IRI
can be relative (e.g. 'fred').
rsaPublicKeySpki: DER & SPKI encoded public key belonging to the principal
@m-ld/m-ld - v0.10.0-edge.9. Source code licensed MIT. Generated using TypeDoc.
MeldAclTransportSecurity

This extension allows an app to encrypt and apply digital signatures to m-ld protocol network traffic.

For encryption, a secret key is included in the domain data (using declareSecret, or an equivalent write), and is required to decrypt all operations on the domain. The secret can only be obtained by joining the domain, which in turn requires that the requester is registered as a principal in the domain. Note that the secret is shared by every principal: it keeps operations confidential from parties that have not joined the domain (for example a message broker or other network intermediary), not from other registered principals. Per-principal accountability comes from the signatures, not from the encryption.

Registering a principal requires that the user has a public/private key pair. The public key is registered in the domain using registerPrincipal (or an equivalent write), e.g.

    const aliceKeys = generateKeyPairSync('rsa', {
      modulusLength: 2048,
      publicKeyEncoding: { type: 'spki', format: 'der' },
      privateKeyEncoding: { type: 'pkcs1', format: 'pem' }
    });
    await clone.write(MeldAclTransportSecurity.registerPrincipal(
      'https://alice.example/profile#me', aliceKeys.publicKey));

To use transport security, every local clone in the access-controlled domain must be initialised with the following members of the MeldApp:

- transportSecurity, set to this extension. (This extension cannot be loaded dynamically because transport security must be available before the clone can connect to the domain.)
- principal, an object that represents the current logged-in user. This object will sign data using RSASSA-PKCS1-v1_5 on the extension's request, e.g.:

    sign = (data: Buffer) => createSign('RSA-SHA256')
      .update(data).sign(privateKey);

Here privateKey is the private half of the registered pair (aliceKeys.privateKey in the example above). Only the public key is written to the domain; the private key stays with the app and is never part of domain data. Node's createSign produces RSASSA-PKCS1-v1_5 signatures unless a different padding is requested explicitly, so the one-liner above matches the scheme the extension expects.