refactor: migrate extension to TypeScript and add Material-UI components
88
hero_vault_extension/README.md
Normal file
@@ -0,0 +1,88 @@
# SAL Modular Cryptographic Browser Extension
A modern, secure browser extension for interacting with the SAL modular Rust cryptographic stack, enabling key management, cryptographic operations, and secure Rhai script execution.
## Features
### Session & Key Management
- Create and unlock encrypted keyspaces with password protection
- Create, select, and manage multiple keypairs (Ed25519, Secp256k1)
- Clear session state visualization and management
### Cryptographic Operations
- Sign and verify messages using selected keypair
- Encrypt and decrypt messages using asymmetric cryptography
- Support for symmetric encryption using password-derived keys
### Scripting (Rhai)
- Execute Rhai scripts securely within the extension
- Explicit user approval for all script executions
- Script history and audit trail
### WebSocket Integration
- Connect to WebSocket servers using keypair's public key
- Receive, review, and approve/reject incoming scripts
- Support for both local and remote script execution
### Security
- Dark mode UI with modern, responsive design
- Session auto-lock after configurable inactivity period
- Explicit user approval for all sensitive operations
- No persistent storage of passwords or private keys in plaintext
## Architecture
The extension is built with a modern tech stack:
- **Frontend**: React with TypeScript, Material-UI
- **State Management**: Zustand
- **Backend**: WebAssembly (WASM) modules compiled from Rust
- **Storage**: Chrome extension storage API with encryption
- **Networking**: WebSocket for server communication
## Development Setup
1. Install dependencies:
```
cd sal_extension
npm install
```
2. Build the extension:
```
npm run build
```
3. Load the extension in Chrome/Edge:
- Navigate to `chrome://extensions/`
- Enable "Developer mode"
- Click "Load unpacked" and select the `dist` directory
4. For development with hot-reload:
```
npm run watch
```
## Integration with WASM
The extension uses WebAssembly modules compiled from Rust to perform cryptographic operations securely. The WASM modules are loaded in the extension's background script and provide a secure API for the frontend.
Key WASM functions exposed:
- `init_session` - Unlock a keyspace with password
- `create_keyspace` - Create a new keyspace
- `add_keypair` - Create a new keypair
- `select_keypair` - Select a keypair for use
- `sign` - Sign a message with the selected keypair
- `run_rhai` - Execute a Rhai script securely
## Security Considerations
- The extension follows the principle of least privilege
- All sensitive operations require explicit user approval
- Passwords are never stored persistently, only kept in memory during an active session
- Session state is automatically cleared when the extension is locked
- WebSocket connections are authenticated using the user's public key
## License
[MIT License](LICENSE)
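Review bot: The "Security Considerations" bullet "WebSocket connections are authenticated using the user's public key" (and the matching line under "WebSocket Integration") describes authentication by a value that is public by definition; state what the client actually proves, for example a signature over a server-issued challenge made with the selected keypair, or reword it as identification rather than authentication. Two smaller points: step 1 of "Development Setup" says `cd sal_extension` while this file is added at `hero_vault_extension/README.md`, so the directory name should match, and "Dark mode UI with modern, responsive design" is listed under "### Security" although it is not a security property. The "Key WASM functions exposed" list also has no entry for the verify, encrypt or decrypt operations that "Cryptographic Operations" advertises; either list them or note that they are not yet exposed.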