# Encrypted Attachments Goals: - Eliminate processing and B64 33% inflation - Maintain message integity - Minimize observable artifacts ### JWE attachment type > Note: I don't like the name `trunk` and it needs to be replaced. Suggestions Requested > This document uses `jwe` instead of `encrypted`, which I think I like. It's more opinionated about how encryption must be represented, but also less likely to be abused, possibly? > Examples are truncated for clarity. #### Example DIDComm message with JWE Attachment ```json= { "type": "<sometype>", "to": ["did:example:mediator"], "body":{}, "attachments": [ { "id": "x", "hash": "<hash of jwe>", "data": { "jwe": { "protected": "eyJ0...QmJaQl", "recipients": [ { "encrypted_key": "J1F...WLg" } ], "iv": "u5kIzo0m_d2PjI4m", "ciphertext": "ABCDEFG", "extracted": "XYZ", "tag": "doeAoagwJe9BwKayfcduiw" } } } ] } ``` ### Packing 1. Confirm that hash is present for JWE attachments. 1. Extract JWE Attachment ciphertext and extracted 2. Construct Extracted string 3. Replace extracted strings with marker information 4. Encrypt message to JWE as normal 5. Add extracted attribute to the JSON form of the JWE. #### Extracted Extracted String and Marker Replacement ``` ABCDEFGXYZ ``` ```json= { "type": "<sometype>", "to": ["did:example:mediator"], "body":{}, "attachments": [ { "id": "x", "data": { "jwe": { "protected": "eyJ0...QmJaQl", "recipients": [ { "encrypted_key": "J1F...WLg" } ], "iv": "u5kIzo0m_d2PjI4m", "ciphertext_external": {'index':0,'length':7,'hash':'hash(ciphertext)'}, "extracted_external": {'index':7,'length':3,'hash':'hash(extracted)'}, "tag": "doeAoagwJe9BwKayfcduiw" } } } ] } ``` https://tools.ietf.org/html/rfc7515#appendix-F #### JWE Encrypted with Extracted Addition ```json= { "protected": "QmJaJ0...eyQl", "recipients": [ { "encrypted_key": "X5T...uVw" } ], "iv": "o0m_d2PjI4mu5kIz", "ciphertext": "oag...wcdu", "extracted": "ABCDEFGXYZ", "tag": "e9BwKayfcduiwdoeAoagwJ" } ``` > Note: Because both the `ciphertext` and `extracted` are packed into the next extracted, the effect is recursive. ### Unpacking 1. Extract extracted attribute if present 2. Decrypt JWE as normal 3. Look for JWE attachments with marker information 4. Use marker information to extract from extracted string 5. Remove markers 6. Verify Hash to confirm integrity #### Extract Extracted Attribute if present ``` ABCDEFGXYZ ``` ```json= { "type": "<sometype>", "to": ["did:example:mediator"], "body":{}, "attachments": [ { "id": "x", "data": { "jwe": { "protected": "eyJ0...QmJaQl", "recipients": [ { "encrypted_key": "J1F...WLg" } ], "iv": "u5kIzo0m_d2PjI4m", "ciphertext_external": {'index':0,'length':7,'hash':'hash(ciphertext)'}, "extracted_external": {'index':7,'length':3,'hash':'hash(extracted)'}, "tag": "doeAoagwJe9BwKayfcduiw" } } } ] } ``` #### Decrypted Message, with extracted markers replaced with content ```json= { "type": "<sometype>", "to": ["did:example:mediator"], "body":{}, "attachments": [ { "id": "x", "data": { "jwe": { "protected": "eyJ0...QmJaQl", "recipients": [ { "encrypted_key": "J1F...WLg" } ], "iv": "u5kIzo0m_d2PjI4m", "ciphertext": "ABCDEFG", "extracted": "XYZ", "tag": "doeAoagwJe9BwKayfcduiw" } } } ] } ``` ### Questions - Extracted are available for inspection. Observers will be able to derive some information from comparing portions of the extracted. -