diff --git a/README.md b/README.md index 84d0f63..a7c456b 100644 --- a/README.md +++ b/README.md @@ -4,14 +4,22 @@ This project provides a WebAssembly module written in Rust that offers cryptogra ## Features +- **Key Space Management** + - Password-protected encrypted spaces + - Multiple spaces with different passwords + - Persistent storage in browser's localStorage + - Auto-logout after 15 minutes of inactivity + - **Asymmetric Cryptography** - - ECDSA keypair generation + - Multiple named ECDSA keypairs + - Keypair selection for operations - Message signing - Signature verification - **Symmetric Cryptography** - ChaCha20Poly1305 encryption/decryption - Secure key generation + - Password-based encryption ## Prerequisites @@ -76,7 +84,7 @@ wasm-pack build --target web 2. Start the local server: ```bash -node www/server.js +cd www && npm install && node server.js ``` 3. Open your browser and navigate to http://localhost:8080. @@ -91,23 +99,57 @@ cargo test ## API Reference +### Key Space Management + +```javascript +// Create a new key space +const result = await wasm.create_key_space("my_space"); +if (result === 0) { + console.log("Space created successfully"); +} + +// Encrypt the current space with a password +const encryptedSpace = await wasm.encrypt_key_space("my_password"); +localStorage.setItem("crypto_space_my_space", encryptedSpace); + +// Decrypt and load a space +const storedSpace = localStorage.getItem("crypto_space_my_space"); +const decryptResult = await wasm.decrypt_key_space(storedSpace, "my_password"); +if (decryptResult === 0) { + console.log("Space loaded successfully"); +} + +// Logout (clear current session) +wasm.logout(); +``` + ### Keypair Operations ```javascript -// Initialize a new keypair -const result = await wasm.keypair_new(); +// Create a new keypair in the current space +const result = await wasm.create_keypair("my_keypair"); if (result === 0) { - console.log("Keypair initialized successfully"); + console.log("Keypair created successfully"); } -// Get the public key +// Select a keypair for use +const selectResult = await wasm.select_keypair("my_keypair"); +if (selectResult === 0) { + console.log("Keypair selected successfully"); +} + +// List all keypairs in the current space +const keypairs = await wasm.list_keypairs(); +console.log("Available keypairs:", keypairs); + +// Get the public key of the selected keypair const pubKey = await wasm.keypair_pub_key(); -// Sign a message +// Sign a message with the selected keypair const message = new TextEncoder().encode("Hello, world!"); const signature = await wasm.keypair_sign(message); -// Verify a signature +// Verify a signature with the selected keypair const isValid = await wasm.keypair_verify(message, signature); console.log("Signature valid:", isValid); ``` @@ -126,13 +168,28 @@ const ciphertext = await wasm.encrypt_symmetric(key, message); const decrypted = await wasm.decrypt_symmetric(key, ciphertext); const decryptedText = new TextDecoder().decode(decrypted); console.log("Decrypted:", decryptedText); + +// Derive a key from a password +const derivedKey = wasm.derive_key_from_password("my_password"); + +// Encrypt with a password +const passwordMessage = new TextEncoder().encode("Password protected message"); +const passwordCiphertext = await wasm.encrypt_with_password("my_password", passwordMessage); + +// Decrypt with a password +const passwordDecrypted = await wasm.decrypt_with_password("my_password", passwordCiphertext); +const passwordDecryptedText = new TextDecoder().decode(passwordDecrypted); +console.log("Password decrypted:", passwordDecryptedText); ``` ## Security Considerations -- The keypair is stored in memory and is not persisted between page reloads. +- Key spaces are encrypted using ChaCha20Poly1305 with a key derived from the user's password. +- Keypairs are stored in encrypted spaces and persisted in localStorage when the space is saved. +- The system implements auto-logout after 15 minutes of inactivity for additional security. - The symmetric encryption uses ChaCha20Poly1305, which provides authenticated encryption. - The nonce for symmetric encryption is generated randomly and appended to the ciphertext. +- Password-based key derivation uses SHA-256 (consider using a more secure KDF like Argon2 for production). ## License