@HerbCaudill
Last active May 1, 2024 14:43
lf-auth-notes

Demos:

  • taco-chat
  • todos
  • XDev

Overview

A working implementation of the principles Martin presented

  • Provides a principled way to manage team membership and roles without a central server
  • All authority traces back to the group's founder
  • The founder can be removed like any other member
  • Concurrent mutual removals (two admins each removing the other) are resolved by seniority: the more senior member's removal stands

Implementation

The membership graph is built on CRDX, a build-your-own-CRDT library with built-in authentication and encryption. Each node in the graph is asymmetrically encrypted by its author and can be decrypted with the team's keys. The encrypted form of the graph is its canonical form, so decrypting it simultaneously verifies the authenticity of each node: a node that was not produced by the holder of the claimed author key fails to decrypt.

Invitations

A loose implementation of Keybase's Seitan protocol:

  • Alice chooses or generates a secret invitation code (the "password" in PAKE terms). Because the public key derived from it is published on the graph, a guessable code can be brute-forced offline against that public key, so the code should be high-entropy (generated, not chosen)
  • Alice derives a keypair from that code
  • Alice records the public key on the team graph
  • Alice sends the secret invitation code to Bob via a trusted side channel; the code itself never touches the graph
  • Bob derives the same keypair from the code and uses the private key to sign a document; this serves as proof of invitation
  • Any member of the group can then validate this proof with the public key recorded on the graph, without ever having seen the secret code

Key management

  • Devices have keys; devices' private keys never leave the device
  • Users can have multiple devices
  • Users can belong to multiple roles; each role has its own keys
  • The admin role is special; it provides access to all other role-level keys
  • There are team-wide keys

Lockboxes

Keys are recorded on the graph using lockboxes.

A lockbox is a set of keys that has been asymmetrically encrypted so that it can be decrypted only by the holder of another set of keys. For example, to get a user's keys onto that user's devices, the user's keys are encrypted once for each device, each lockbox addressed to that device's public key. Because only ciphertext is recorded, the lockboxes can live on the same replicated graph as everything else.

[figure: lockboxes]

Keys and lockboxes form a graph: a device uses its own keys to open the lockbox holding the user's keys, then uses the user's keys to open the lockboxes holding the keys for each role the member belongs to, as well as the team keys. Key rotation works the same way: the replacement key is delivered by issuing new lockboxes to every keyset that should still hold it.

[figures: keygraph, keyrotation]