blind-pairing-core
v2.8.0
Published
Core blind pairing module
Downloads
1,057
Readme
blind-pairing-core
Pairing Flow
The pairing flow proceeds as follows:
- The member (inviter) creates an invitation (a new signing keypair) and shares
{ discoveryKey, seed }
with a candidate (invitee).publicKey
is set aside for later use. - The candidate produces a request with arbitrary
userData
signed by the invitation keyPair, this is encrypted to a key derived from the invitepublicKey
. - Upon receiving the request, the member decrypts the payload and verifies the signature against the invitation
publicKey
, proving that the invitee hassecretKey
. - The member can evaluate
userData
and either confirm or deny the request. A response is returned to the candidate which may contain the{ key, encryptionKey }
needed to join the room. - The candidate verifies that
key
corresponds todiscoveryKey
, confirming that the remote peer has read-access tokey
(is a valid member).
Usage
import { CandidateRequest, MemberRequest, createInvite } from 'blind-pairing-core'
const { invite, publicKey } = createInvite(key) // key is a Hypercore or Autobase key
// candidate
const candidate = new CandidateRequest(invite, { userData: 'hello world' })
candidate.on('accepted', () => console.log('accepted!'))
const transport = candidate.encode()
// member
const request = MemberRequest.from(transport)
const userData = request.open(publicKey)
console.log(userData) // hello world
request.confirm({ key })
// candidate
candidate.handleResponse(request.response)
// candidate accepted event will fire
console.log(candidate.auth) // { key }
API
exports:
{
CandidateRequest,
MemberRequest,
createInvite,
decodeInvite,
verifyReceipt
}
CandidateRequest
API
const req = new CandidateRequest(invite, userData, opts = { session })
Instanstiate a new candidate request from a given invite.
const auth = req.handleResponse(payload)
Handle the response received from the peer.
req.destroy()
Destroy the request.
const buf = req.encode()
Encode the request to be sent to the peer.
req.id
Unique id for this request.
req.inviteId
Invite id corresponding to this request.
req.discoveryKey
Discovery key corresponding to this request.
req.on('accepted', key => { ... })
An event that fires when an invite is accepted.
req.on('rejected', err => { ... })
An event that fires when an invite is rejected.
const persisted = req.persist()
Returns a buffer that can be used to restore the request at a later point.
CandidateRequest.from (persisted)
Restore a persisted request.
MemberRequest
API
const req = new MemberRequest(inviteId, requestData)
Instantiate a new member request using the request id and the request data
const userData = req.open(invitePublicKey)
Open the request using the corresponding invitation public key.
req.confirm({ key, encryptionKey })
Confirm the request with the requested auth data.
req.deny()
Deny the request.
const req = MemberRequest.from(incomingRequest)
Static method to create a member request directly from a received request.
req.inviteId
The invite id corresponding to the request, this can be used to find the invitation public key.
req.id
The unique id corresponding to the request.
req.response
The response that should be sent back to the candidate. Only populated after the request is either confirmed or denied.
req.receipt
A stand alone receipt of this request that can be verified against the public key.
req.discoveryKey
Discovery key corresponding to this request.
const { invite, discoveryKey, publicKey } = createInvite(key)
Create invites for a given key.
const { discoveryKey, seed } = decodeInvite(invite)
Decode an invite
object.
const userData = verifyReceipt(receipt, invitePublicKey)
Verify a previously opened request. Returns userData
if receipt is valid and null
otherwise.
License
Apache-2.0