shweta
April 2, 2019, 7:38pm
1
Hi, Would like to know more about how security works in PeerPad.
There’s a great document explaining the security model in the project’s repository:
# PeerPad Security
# 🔓 PeerPad is experimental software. It hasn't been audited, and as such shouldn't be used to create or share sensitive information.
PeerPad is a decentralized editor that allows concurrent writing of text. Besides making live changes to a given document, it allows read-only nodes to follow the changes in real-time. It also allows you to publish a self-contained snapshot of the document to IPFS.
Below we describe the security model and take the opportunity to describe the underlying architecture in more detail.
## Security Model
PeerPad aims to be private. All data that is published into the network is encrypted and requires a key to decrypt. To participate in the real-time network of updates to a given document, the node must be in possession of the key. To read a snapshot, the reading node must also be in possession of a read key.
These keys are to be transmitted in the URL in a way that no server gets them (through the hash portion of the URL).
### Creating a document
When creating a document, two keys are created: the read key and the write key. These keys make an asymetric key pair, which means that anything signed with the private key can be validated with the public key. Nodes that have the write keys sign the operation messages using it. All nodes detaining the read key can validate the message signature and apply the respective operations if it checks out.
### Security: Real-time collaborative editing
show original
shweta
April 5, 2019, 10:13pm
3
Could you please tell me How keys are generated when I click Start/Go in browser.?
PeerPad uses the local store to store some records. - does that mean it uses browser cache?
In order for this to be safe from people with access to the local store that don’t have the key, these records are encrypted using a symmetric key derived from the “read key”.