HackMD - Collaborative Markdown Knowledge Base

Code implementation available [here](https://github.com/spruceid/ssx-credential-issuer/pull/8/files). This is pseudocode based on implementation for understanding/discussion purposes. The primary difference between the password and signature approaches are in how the text for key generation comes in. I (Sam), strongly prefer to use a signature for key generation from a UX perspective. I think we should also have a pop ```typescript= const hashText = async (text: string) => { // returns a sha256 hash of the text }; const generateEncryptionKey = async (text: string) => { // generates key material from input // derives key from key material // returns key }; const encrypt = async (data: string, encryptionKey: CryptoKey) => { // encrypt from string => JWE (JSON Web Encryption), uses key /** * JWEs like JWTs provide/package encryption metadata nicely * JWEs provide much of the Encryption support we require including * - ECIES Handshake * - handles the IV (initial value) vectors **/ }; const decrypt = async (encrypted: any, encryptionKey: CryptoKey) => { // decrypt JWE to string, uses key }; /** * Password Encryption Approach **/ const passwordEncryption = () => { // get password from user const password = "password"; const hashedPW = hashText(password); // generate key from PASSWORD const key = generateEncryptionKey(hashedPW); // encrypt some data const data = "protected text"; const encryptedData = encrypt(data, key); // decrypt data const decryptedData = decrypt(encryptedData, key); // they should be equal if (data !== decryptedData) { throw new Error("something went seriously wrong!"); } } /** * Signature Encryption Approach **/ const signatureEncryption = (ethereumProvider: any) => { // get user signature of message const message = `Sign this message to generate an encryption key for ${ethereumProvider.address()}`; const signature = await ethereumProvider.signMessage(message); // this is the only place the signature is used. // The ethereumProvider may also have access to the signature, but it is not sent anywhere // generate key from SIGNATURE const key = generateEncryptionKey(signature); // encrypt some data const data = "protected text"; const encryptedData = encrypt(data, key); // decrypt data const decryptedData = decrypt(encryptedData, key); // they should be equal if (data !== decryptedData) { throw new Error("something went seriously wrong!"); } } ```