vetKD API
View this sample's code on GitHub
This repository provides a canister (src/system_api
) that offers the vetKD system API proposed in https://github.com/dfinity/interface-spec/pull/158, implemented in an unsafe manner for demonstration purposes.
Additionally, the repository provides:
An example app backend canister (
src/app_backend
) implemented in Rust that makes use of this system API to provide caller-specific symmetric keys that can be used for AES encryption and decryption.An example frontend (
src/app_frontend_js
) that uses the backend from Javascript in the browser.The frontend uses the ic-vetkd-utils to create a transport key pair that is used to obtain a verifiably encrypted key from the system API, to decrypt this key, and to derive a symmetric key to be used for AES encryption/decryption.
Because the
ic-vetkd-utils
are not yet published as NPM package at npmjs.com, a respective package file (ic-vetkd-utils-0.1.0.tgz
) is included in this repository.
Disclaimer
The implementation of the proposed vetKD system API used in this example is unsafe, e.g., we hard-code a master secret key, rather than using a master secret key that is distributed among sufficiently many BigFile nodes through distributed key generation. Do not use this in production or for sensitive data! This example is solely provided for demonstration purposes to collect feedback on the mentioned vetKD system API. See also the respective disclaimer in the system API canister implementation.
Prerequisites
- Install the BIG SDK.
- Install Node.js.
- Install Rust, and add Wasm as a target (
rustup target add wasm32-unknown-unknown
). - Clone the example dapp project:
git clone https://github.com/dfinity/examples
Running Locally
Step 1: Start a local bigfile.
dfx start
Step 2: Open a new terminal window.
Step 3: Ensure
dfx
uses the canister IDs that are hard-coded in the Rust source code:
cd examples/rust/vetkd
dfx canister create system_api --specified-id s55qq-oqaaa-aaaaa-aaakq-cai
Without this, the dfx
may use different canister IDs for the system_api
and app_backend
canisters in your local environment.
Step 4: Ensure that the required node modules are available in your project directory, if needed, by running the following command:
npm install
Step 5:. Register, build, and deploy the project:
dfx deploy
This command should finish successfully with output similar to the following one:
Deployed canisters.
URLs:
Frontend canister via browser
app_frontend_js: http://127.0.0.1:4943/?canisterId=by6od-j4aaa-aaaaa-qaadq-cai
Backend canister via Candid interface:
app_backend: http://127.0.0.1:4943/?canisterId=avqkn-guaaa-aaaaa-qaaea-cai&id=tcvdh-niaaa-aaaaa-aaaoa-cai
app_frontend: http://127.0.0.1:4943/?canisterId=avqkn-guaaa-aaaaa-qaaea-cai&id=b77ix-eeaaa-aaaaa-qaada-cai
system_api: http://127.0.0.1:4943/?canisterId=avqkn-guaaa-aaaaa-qaaea-cai&id=s55qq-oqaaa-aaaaa-aaakq-cai
Step 6: Open the printed URL for the
app_frontend_js
in your browser.