npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

hyperlog-capability

v1.0.0

Published

group permissions for hyperlog

Downloads

4

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

nopersonsmodulesnopersonsmodules

Keywords

hyperlogp2pcapability systempermissionscrypto

Readme

hyperlog-capability

group permissions for hyperlog

WARNING: experimental, unproven cryptosystem!

Capability systems enforce "who can do what" with a resource. Unix file permissions are a good example: a bitfield specifies who is allowed to read, write, or execute each file.

This package provides a familiar read+write capability system using cryptography designed for group-to-group collaboration.

In the literature you can read about some p2p group key management schemes, but they too often assume a low-latency, available network which is not a reasonable assumption for many off grid, real-world settings. This package makes tradeoffs that work for high-latency scenarios like passing around a usb thumb drive between remote off-grid communities.

example

var level = require('level')
var cap = require('hyperlog-capability')({
  logdb: level('/tmp/cap/log'),
  db: level('/tmp/cap/db'),
  sodium: require('chloride'),
  valueEncoding: 'json',
})
if (process.argv[2] === 'create') {
  var name = process.argv[3]
  cap.createGroup(name, function (err, gid) {
    if (err) console.error(err)
    else console.log(name, gid.toString('hex'))
  })
} else if (process.argv[2] === 'list') {
  cap.listGroups(function (err, groups) {
    if (err) return console.error(err)
    groups.forEach(function (g) {
      console.log(g.name, g.id)
    })
  })
} else if (process.argv[2] === 'stream') {
  cap.createReadStream().on('data', console.log)
} else if (process.argv[2] === 'append') {
  var id = Buffer(process.argv[3], 'hex')
  var groups = process.argv[4].split(',')
  var data = process.argv.slice(5).join(' ')
  var opts = { groups: groups, identity: id }
  cap.append(data, opts, function (err, node) {
    if (err) console.error(err)
    else console.log(node.key)
  })
} else if (process.argv[2] === 'get') {
  cap.get(process.argv[3], function (err, doc) {
    if (err) console.error(err)
    else console.log(doc.toString())
  })
}

api

var hcap = require('hyperlog-capability')

var log = hcap(opts)

  • opts.logdb - leveldb instance to store log data
  • opts.db - leveldb instance to store capability tables
  • opts.sodium - sodium interface (require('chloride') works well)
  • opts.valueEncoding - store log records with this encoding

log provides the hyperlog interface plus the methods documented below.

Every insertion with log.batch(), log.append(), or log.add() must provide:

  • opts.groups - array of group hex id strings that are allowed access to the document being inserted
  • opts.identity - group id to use to sign the document being inserted

log.createGroup(name, cb)

Create a group identified by the human-meaningful, non-exclusive string name.

cb(err, gid) fires with the group id hex string gid.

var stream = log.listGroups(cb)

Get a list of all groups as a readable stream or as cb(err, groups).

Each group object has:

  • group.id - unique group id hex string
  • group.name - human-meaningful, non-exclusive name

log.invite(opts, cb)

  • opts.to - recipient group of this invitation
  • opts.group - the group to be joined
  • opts.mode - read/write mode string: 'r', 'w', or 'rw'

If you have read access to a group, you will be able to decrypt messages.

If you have write access to a group, you will be able to sign messages on behalf of the group that will be accepted as a legitimate.

design

The cryptographic capabilities of the system are enforced implicitly by knowledge of secret keys. Each group has two keypairs: a signing key (sign) and an encryption key (box). The sign/box terminology corresponds to the underlying sodium crypto_sign and crypto_box methods for each keypair.

The group id is the concatenation of the signing public key with the box public key.

If you know the box key, you can read messages addressed to the group. If you know the sign key, you can create messages that will be accepted as legitimate communications on behalf of that group by other peers.

When you write a document into the log, the document is encrypted with a unique 32-byte document key. Each group that will get access to this document receives a secret message encrypted to the group's box key. The secret message contains the document key.

When you invite group A to join group B, you encrypt a message to A's box key with B's box and/or sign key. If A has access from an invite to B's box key, then A can decrypt any documents encrypted for B, including future invites. However, invites are one-way, so B can't read A's documents.

The only unit of social organization in this package is the group where a group refers to the agents that have access to that group's secret keys. For bootstrapping and other purposes, you will probably want to have each machine or personal identity belong to a single-member group.

install

npm install hyperlog-capability

license

BSD