herocode/webassembly
12
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rework-cli-with-rhai-scripting-engine
webassembly/scripts/examples/mycelium_example.md

4.8 KiB
Raw Permalink Blame History

Mycelium Integration Example

This document demonstrates how to use the Mycelium messaging system with the WebAssembly Cryptography Module for remote script execution.

Overview

Mycelium is a peer-to-peer, end-to-end encrypted messaging system that allows for secure communication between nodes. When integrated with the WebAssembly Cryptography Module, it enables remote execution of Rhai scripts, allowing for distributed cryptographic operations.

Example Scenario

In this example, we'll demonstrate how a remote system can send a Rhai script to the cryptographic module for execution, and receive the results.

Step 1: Start the Listener

First, start the cryptographic module's Mycelium listener:

crypto-cli listen

This will start a Mycelium node that listens for scripts on the "crypto.scripts" topic.

Step 2: Send a Script from a Remote System

From another system, send a Rhai script to the listener:

use mycelium::{Node, Identity};

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Create a Mycelium node
    let identity = Identity::random();
    let node = Node::new(identity)?;
    
    // Connect to the network
    node.start().await?;
    
    // Define the script to execute
    let script = r#"
    // Create a key space
    if create_key_space("remote_space") {
        print("Key space created successfully");
        
        // Create a keypair
        if create_keypair("remote_keypair") {
            print("Keypair created successfully");
            
            // Select the keypair
            if select_keypair("remote_keypair") {
                print("Keypair selected successfully");
                
                // Sign a message
                let message = "Hello from remote system";
                let signature = sign(message);
                
                print("Message: " + message);
                print("Signature: " + signature);
                
                // Return the signature as the result
                signature
            } else {
                "Failed to select keypair"
            }
        } else {
            "Failed to create keypair"
        }
    } else {
        "Failed to create key space"
    }
    "#;
    
    // Send the script to the crypto module
    println!("Sending script to crypto module...");
    let target_id = "RECIPIENT_ID"; // The ID of the crypto module's Mycelium node
    node.publish("crypto.scripts", target_id, script.as_bytes().to_vec()).await?;
    
    // Subscribe to receive the result
    let mut receiver = node.subscribe("crypto.results").await?;
    
    // Wait for the result
    println!("Waiting for result...");
    if let Some(msg) = receiver.recv().await {
        let result = String::from_utf8_lossy(&msg.payload);
        println!("Received result: {}", result);
    }
    
    Ok(())
}

Step 3: Process the Result

The remote system can then process the result of the script execution:

// Continue from the previous example...

// Parse the signature from the result
let signature_hex = result.trim();

// Use the signature for further operations
println!("Signature received: {}", signature_hex);

// Verify the signature locally
let message = "Hello from remote system";
let message_bytes = message.as_bytes();
let signature_bytes = hex_to_bytes(signature_hex);

// Assuming we have the public key of the remote keypair
let is_valid = verify_with_public_key(public_key, message_bytes, &signature_bytes);
println!("Signature valid: {}", is_valid);

Security Considerations

When using Mycelium for remote script execution, consider the following security measures:

  1. Authentication: Ensure that only authorized nodes can send scripts to your crypto module.
  2. Script Validation: Validate scripts before execution to prevent malicious code.
  3. Resource Limits: Set appropriate limits on script execution to prevent denial of service.
  4. Sensitive Data: Be careful about what data is returned in script results.
  5. End-to-End Encryption: Mycelium provides end-to-end encryption, but ensure your node IDs are properly secured.

Benefits of Mycelium Integration

  • Decentralized: No central server required, making the system more resilient.
  • End-to-End Encrypted: All communication is encrypted by default.
  • NAT Traversal: Works across different network environments without complex configuration.
  • Rust Native: Seamless integration with the WebAssembly Cryptography Module.

Example Use Cases

  1. Distributed Key Management: Manage cryptographic keys across multiple systems.
  2. Secure Communication: Establish secure communication channels between systems.
  3. Remote Signing: Sign messages or transactions remotely without exposing private keys.
  4. Automated Cryptographic Operations: Schedule and execute cryptographic operations from remote systems.