The DAG

[richardschneider]

At the lowest level the DAG must signify that the data is encrypted. This needs

• encryption method
• key id
• key holder (optional)

The key id is the multihash of the public key.

The key holder is the peer id that holds the private key. This can be used automate the retrieval of the private key. Note: this should not specified if the publisher wants to remain anonymous and will provide the key is some out-of-band process.

[richardschneider]

message PBLink {
  optional bytes Hash = 1;
  optional string Name = 2;
  optional uint64 Tsize = 3;
}

message PBEncrypted {
  optional string KeyMethod = 1;
  optional string DataMethod = 2;
  optional string KeyId = 3;
  optional repeated bytes DataKey = 4;
  optional string KeyHolder = 5;
}

message PBNode {
  optional repeated PBLink Links = 2;
  optional PBEncrypted = 3;
  optional bytes Data = 1;
}

• KeyID the multihash of the key used to encrypt DataKey
• DataKey an ephemeral symmetric key used to decrypt the Data. Its encrypted with the KeyId
• KeyHolder multihashed peer ID that holds the private key to decrypt the DataKey
• KeyMethod asymmetric encryption method used on DataKey, such as 'rsa-*`
• DataMethod symmetric encryption method used on Data, such as aes-*

[richardschneider]

By using PKCS 7/CMS the PBNode message is as below and PBEncrypted is no longer required

message PBNode {
  enum DataType {
    Plain = 0;
    CMS = 1;
  }
  optional repeated PBLink Links = 2;
  optional DataType Type = 3;
  optional bytes Data = 1;
}

[RangerMauve]

I think DAG node encryption is still very important. For my use-case the names of the links in the DAG are just as important as the actual data.

[richardschneider]

A better approach to signifying encrypted data to is to use a CID v1 and adding a new multicodec value for cms. This requires minimal changes to existing software, only the multicodec table needs to be changed.