Recommend this page to a friend! |
Classes of Scott Arciszewski | sapient | docs/Specification.md | Download |
|
DownloadSapient SpecificationOverviewSapient provides the following operations that can be performed on HTTP requests and responses:
OperationsShared-key AuthenticationMessages are authenticated with HMAC-SHA512256, as provided by NaCl. HMAC-SHA512256 is the leftmost 32 bytes of a raw binary string generated by HMAC-SHA512. Sapient encodes the MAC with base64url, then
stores it in a Shared-Key EncyptionMessages are encrypted with XChaCha20-Poly1305, with a random 24-byte nonce. The nonce must be generated from the operating system's non-blocking CSPRNG
(i.e. After encryption, the nonce is prepended to the ciphertext. The encrypted message (in raw binary) is formatted like this.
Ciphertexts are base64url-encoded in transmission. Public-Key SignaturesMessages are authenticated with Ed25519, as provided by NaCl and defined in RFC 8032. Sapient encodes the signature with base64url, then
stores it in a Public-Key Encyption (Sealing)Each message encryption generates an ephemeral X25519 keypair. The ephemeral public key will be prepended to the ciphertext so that the shared secret key can be recalculated by a recipient with the correct X25519 signing key. The derived key will be the first 32 bytes of a 56-byte BLAKE2b hash of the X25519 shared secret and both public keys. The nonce for the message will be the remaining 24 bytes. The message is then encrypted with XChaCha20-Poly1305, with the ephemeral public key prepended to the message (and used as addition data). The encrypted message (in raw binary) is formatted like this. Messages are encrypted with XChaCha20-Poly1305, with a random 24-byte nonce.
The process for encrypting a message with a recipient's public key (
The process for decrypting a sealed message is as follows:
Ciphertexts are base64url-encoded in transmission. |