floDapps, floCloudAPI: Secure private key
- Store the AES-encrypted private key in memory (inspecting browser memory will not expose the raw private key).
- floDapps lock/unlock (in user): locks or unlocks the private key (i.e., lock = password required, unlock = password not required, when returning the private key).
- floDapps.launchStartUp now accepts options object
- to lock the private key on startup, pass {lock_key: true} in options objects of launchStartUp
parent
5ab0bc36f0
commit
b80bd43313
@ -1,4 +1,4 @@
(function(EXPORTS) { //floCloudAPI v2.4.0
(function(EXPORTS) { //floCloudAPI v2.4.1
/* FLO Cloud operations to send/request application data*/
'use strict';
const floCloudAPI = EXPORTS;
@ -10,7 +10,7 @@
callback: (d, e) => console.debug(d, e)
};
var user_id, user_public, user_private;
var user_id, user_public, user_private, aes_key;
const user = {
get id() {
if (!user_id)
@ -25,10 +25,10 @@
sign(msg) {
if (!user_private)
throw "User not set";
return floCrypto.signData(msg, user_private);
return floCrypto.signData(msg, Crypto.AES.decrypt(user_private, aes_key));
},
clear() {
user_id = user_public = user_private = undefined;
user_id = user_public = user_private = aes_key = undefined;
}
}
@ -45,14 +45,17 @@
user: {
set: priv => {
if (!priv)
user_id = user_public = user_private = undefined;
user_id = user_public = user_private = aes_key = undefined;
else {
user_public = floCrypto.getPubKeyHex(priv);
user_id = floCrypto.getFloID(user_public);
if (!user_public || !user_id || !floCrypto.verifyPrivKey(priv, user_id))
user_id = user_public = user_private = undefined;
else
user_private = priv;
user_id = user_public = user_private = aes_key = undefined;
else {
let n = floCrypto.randInt(12, 20);
aes_key = floCrypto.randString(n);
user_private = Crypto.AES.encrypt(priv, aes_key);
}
}
},
get: () => user
33
floDapps.js
33
floDapps.js
@ -1,4 +1,4 @@
(function(EXPORTS) { //floDapps v2.3.0
(function(EXPORTS) { //floDapps v2.3.1
/* General functions for FLO Dapps*/
'use strict';
const floDapps = EXPORTS;
@ -11,12 +11,12 @@
adminID: floGlobals.adminID
};
var raw_user_private; //private variable inside capsule
var user_priv_raw, aes_key, user_priv_wrap; //private variable inside capsule
const raw_user = {
get private() {
if (!raw_user_private)
if (!user_priv_raw)
throw "User not logged in";
return raw_user_private;
return Crypto.AES.decrypt(user_priv_raw, aes_key);
}
}
@ -38,14 +38,21 @@
else if (user_private instanceof Function)
return user_private();
else
return user_private;
return Crypto.AES.decrypt(user_private, aes_key);
},
get db_name() {
return "floDapps#" + user.id;
},
lock() {
user_private = user_priv_wrap;
},
async unlock() {
if (await user.private === raw_user.private)
user_private = user_priv_raw;
},
clear() {
user_id = user_public = user_private = undefined;
raw_user_private = undefined;
user_priv_raw = aes_key = undefined;
delete user.contacts;
delete user.pubKeys;
delete user.messages;
@ -233,7 +240,7 @@
resolve(inputVal)
});
function getCredentials(invisible_key) {
function getCredentials(lock_key) {
const readSharesFromIDB = indexArr => new Promise((resolve, reject) => {
var promises = []
@ -325,10 +332,14 @@
user_public = floCrypto.getPubKeyHex(privKey);
user_id = floCrypto.getFloID(privKey);
floCloudAPI.user = privKey; //Set user for floCloudAPI
if (!invisible_key)
user_private = privKey;
user_priv_wrap = () => checkIfPinRequired(key);
let n = floCrypto.randInt(12, 20);
aes_key = floCrypto.randString(n);
user_priv_raw = Crypto.AES.encrypt(privKey, aes_key);
if (!lock_key)
user_private = user_priv_raw;
else
user_private = () => checkIfPinRequired(key);
user_private = user_priv_wrap;
resolve('Login Credentials loaded successful')
} catch (error) {
console.log(error)
@ -388,7 +399,7 @@
})
});
let p2 = new Promise((res, rej) => {
callAndLog(getCredentials(options.invisible_key)).then(r => {
callAndLog(getCredentials(options.lock_key)).then(r => {
callAndLog(initUserDB()).then(r => {
callAndLog(loadUserDB())
.then(r => res(true))
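Review bot: Callers that still pass `{invisible_key: true}` to launchStartUp now get an unlocked key with no PIN prompt, because the `@ -388,7 +399,7 @@` hunk reads only `options.lock_key` and the old option name is silently dropped; keeping it as an alias, `callAndLog(getCredentials(options.lock_key || options.invisible_key)).then(r => {`, avoids that regression. In the `@ -38,14 +38,21 @@` hunk, `clear()` (whose body continues past the end of the hunk) now resets `user_priv_raw` and `aes_key` but not `user_priv_wrap`, which is a closure that appears to capture `key` from getCredentials, so it outlives logout; change the line to `user_priv_raw = aes_key = user_priv_wrap = undefined;`. Because `aes_key` sits in the same closure as the ciphertext and every `private` getter hands back the decrypted string, the commit message's claim that browser memory will not contain the raw key holds only against casual inspection; a comment on the `var user_priv_raw, aes_key, user_priv_wrap;` line such as `// key is AES-wrapped at rest, but the AES key lives in this same closure: this deters casual memory inspection, not an attacker who can read process memory` would keep the next maintainer from over-relying on it. The same wrapped-key pattern in the floCloudAPI section (`user.set` and `sign`) carries the same caveat.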
@ -24,7 +24,7 @@
//floDapps.addStartUpFunction('Sample', Promised Function)
//floDapps.setAppObjectStores({sampleObs1:{}, sampleObs2:{options{autoIncrement:true, keyPath:'SampleKey'}, Indexes:{sampleIndex:{}}}})
//floDapps.setCustomPrivKeyInput( () => { FUNCTION BODY *must resolve private key* } )
floDapps.launchStartUp( /*{invisible_key: true}*/ ).then(result => {
floDapps.launchStartUp( /*{lock_key: true}*/ ).then(result => {
console.log(result)
alert(`Welcome FLO_ID: ${myFloID}`)
//App functions....