2

I need to exchange private data in user space.

because gun.grant and gun.trust is deprecated, I followed this example:

https://gun.eco/docs/SEA#quickstart 

<script src="https://cdn.jsdelivr.net/npm/gun/gun.js"></script>
<script src="https://cdn.jsdelivr.net/npm/gun/sea.js"></script>
<script>
// var Gun = require('gun'); // in NodeJS 
// require('gun/sea');
var SEA = Gun.SEA;
;(async () => {
var pair = await SEA.pair();
var enc = await SEA.encrypt('hello self', pair);
var data = await SEA.sign(enc, pair);
console.log(data);
var msg = await SEA.verify(data, pair.pub);
var dec = await SEA.decrypt(msg, pair);
var proof = await SEA.work(dec, pair);
var check = await SEA.work('hello self', pair);
console.log(dec);
console.log(proof === check);
// now let's share private data with someone:
var alice = await SEA.pair();
var bob = await SEA.pair();
var enc = await SEA.encrypt('shared secret', await SEA.secret(bob.epub, alice));
await SEA.decrypt(enc, await SEA.secret(alice.epub, bob));
// `.secret` is Elliptic-curve Diffie–Hellman
// Bob allows Alice to write to part of his graph, he creates a certificate for Alice
var certificate = await SEA.certify(alice.pub, ["^AliceOnly.*"], bob)
// Alice logs in 
const gun = Gun();
await gun.user().auth(alice);
// and uses the certificate
await gun.get('~'+bob.pub).get('AliceOnly').get('do-not-tell-anyone').put(enc, null, {opt: {cert: certificate}})
await gun.get('~'+bob.pub).get('AliceOnly').get('do-not-tell-anyone').once(console.log) // return 'enc'
})();
</script>

but it always throws "Certificate verification fail."

I tried user.auth instead of SEA.pair() but still not working

Chito Adinugraha
  • 1,220
  • 2
  • 15
  • 21

1 Answers1

5

SEA.certify will replace the deprecated methods to enable others to write on your graph. SEA.certify

var Alice = await SEA.pair()
var Bob = await SEA.pair()
var Dave = await SEA.pair()

// Alice wants to allow Bob and Dave to use write to her "inbox" and "stories" UNTIL TOMORROW
// On Alice's side:
var certificate = await SEA.certify([Bob.pub, Dave.pub], [{"*": "inbox", "+": "*"}, {"*": "stories"}], Alice, null, {expiry: Gun.state()+(60*60*24*1000)})

// Now on Bob/Dave's side, they can write to Alice's graph using gun.put:
gun.get('~'+Alice.pub).get('inbox').get('deeper'+Bob.pub).put('hello world', null, {opt: {cert: certificate}}) // {opt: {cert: certificate}} is how you use Certificate in gun.put

On a related note, there are some other very useful encryption examples here.

For the sake of this answer I will post them:

1-to-1 encryption

///////////////////////////////////
// On my side - logged in as myself
///////////////////////////////////
var myPair = gun.user()._.sea;
// retrieve bob's user
const bob = gun.user(bobPublicKey);
// generate encryption secret using bob's epub and my pair
// this means only bob will be able to regenerate this secret with my pub key and his pair
const secret = await SEA.secret(bob.epub, myPair)
// encrypt the data using the secret
const encryptedData = await SEA.encrypt('private message for bob', secret);

////////////////////////////////////
// on Bob's side - logged in as Bob
///////////////////////////////////
const myPair = gun.user()._.sea;
// generate the secret - this will output the same secret generated by myself
// but this time we generate with bobs pair and my epub
const secret = await SEA.secret(myPair.epub, bob)
// just decrypt the data using the secret
const decryptedData = await SEA.decrypt(encryptedData, secret);

Multiple users encryption

(async () => {
  
  /////////////////////////////////////////////////////////////////
  // Instead of logging in with actual users, we are 
  // going to generate SEA pairs which is basically the same thing
  /////////////////////////////////////////////////////////////////
  
  // User 1 encrypts one message
  const user1 = await SEA.pair();
  
  const plainMessage = 'Hello, how are you?';
  const encryptionKey = 'this is my encryption key which is a normal string';
  const encryptedMessage = await SEA.encrypt(plainMessage, encryptionKey);
  
  // User 2, 3 and 4 will receive the message and decrypt it
  const user2 = await SEA.pair();
  const user3 = await SEA.pair();
  const user4 = await SEA.pair();
  
  // Each user gets an encrypted encryption key. If you print them, they all different
  const encryptedEncryptionKeyUser2 = await SEA.encrypt(encryptionKey, await SEA.secret(user2.epub, user1));
  const encryptedEncryptionKeyUser3 = await SEA.encrypt(encryptionKey, await SEA.secret(user3.epub, user1));
  const encryptedEncryptionKeyUser4 = await SEA.encrypt(encryptionKey, await SEA.secret(user4.epub, user1));
  
 
  // Each user decrypts his own encrypted encryption key
  // These three decrypted encryptions keys that we get are all the same
  const decryptedEncryptionKeyUser2 = await SEA.decrypt(
    encryptedEncryptionKeyUser2, 
    await SEA.secret(user1.epub, user2)
  );
  const decryptedEncryptionKeyUser3 = await SEA.decrypt(
    encryptedEncryptionKeyUser3, 
    await SEA.secret(user1.epub, user3)
  );
  const decryptedEncryptionKeyUser4 = await SEA.decrypt(
    encryptedEncryptionKeyUser4, 
    await SEA.secret(user1.epub, user4)
  );
  
  // Each user decrypts the encrypted message using the decrypted encryption key
  const decryptedMessageUser2 = await SEA.decrypt(encryptedMessage, decryptedEncryptionKeyUser2);
  const decryptedMessageUser3 = await SEA.decrypt(encryptedMessage, decryptedEncryptionKeyUser3);
  const decryptedMessageUser4 = await SEA.decrypt(encryptedMessage, decryptedEncryptionKeyUser4);
});
Dshiz
  • 3,099
  • 3
  • 26
  • 53