ki-safe-transfer-lib

Encryption

return to documentation

Contents


Why encryption?

Encryption is required to for additional layer of client’s data protection, even in case of successful attack on server. The only data, which is not encrypted and can be exposed to attacker:

The main element - the signed collect transaction, is encrypted to ensure it can’t be used without the key. The passcode is not sent with Retrievable transaction The key for collection, when sent to server, is an encrypted passcode; the expiration policies ensure, that data is wiped and not stored - the successful transactions can be found on the blockchain.

☝ despite passcode being always hidden, we highly recommend not to reuse passcodes.

to top

What is being encrypted?

As mentioned above, the signed collect transaction and the passcode (in collect request) are the only valuable data and both being encrypted. Encrypting passcode before sending it to collect transaction creates additional security layer to protect in case of traffic hijacking.

For encryption/decryption we provide the Retrievable Transfer Crypto npm library. The reason for not making Crypto a part of this library is to make the process more transparent and to give users more control of the Retrievable Transfer flow.

to top

How to do it?

To encrypt the collect transaction when sending

import {
  generateSalt,
  encryptTransaction,
} from '@kiroboio/safe-transfer-crypto'

const salt = generateSalt({ raw: raw_collect_transaction })

const encryptedTrx = encryptTransaction({
  raw: raw_collect_transaction,
  passcode: passcode,
  salt: salt,
})

to top

What about collecting?

import {generateDecryptionKey} from '@kiroboio/safe-transfer-crypto'

const createCollectKey = (passcode: string, salt: string) => generateDecryptionKey({ passcode, salt })

Salt is provided from the server as a part of Collectable object.

to top

return to documentation