sal-modular/hero_vault_extension
2025-05-26 23:01:47 +03:00

SAL Modular Cryptographic Browser Extension

A modern, secure browser extension for interacting with the SAL modular Rust cryptographic stack, enabling key management, cryptographic operations, and secure Rhai script execution.

Features

Session & Key Management

  • Create and unlock encrypted keyspaces with password protection
  • Create, select, and manage multiple keypairs (Ed25519, Secp256k1)
  • Clear visualization and management of session state

Cryptographic Operations

  • Sign and verify messages using the selected keypair
  • Encrypt and decrypt messages using asymmetric cryptography
  • Support for symmetric encryption using password-derived keys

Scripting (Rhai)

  • Execute Rhai scripts securely within the extension
  • Explicit user approval for all script executions
  • Script history and audit trail

WebSocket Integration

  • Connect to WebSocket servers using the keypair's public key
  • Receive, review, and approve/reject incoming scripts
  • Support for both local and remote script execution

Security

  • Dark mode UI with modern, responsive design
  • Session auto-lock after configurable inactivity period
  • Explicit user approval for all sensitive operations
  • No persistent storage of passwords or private keys in plaintext

Architecture

The extension is built with a modern tech stack:

  • Frontend: React with TypeScript, Material-UI
  • State Management: Zustand
  • Backend: WebAssembly (WASM) modules compiled from Rust
  • Storage: Chrome extension storage API with encryption
  • Networking: WebSocket for server communication

Development Setup

  1. Install dependencies:

    cd sal_extension
    npm install

  2. Build the extension:

    npm run build

  3. Load the extension in Chrome/Edge:

    • Navigate to chrome://extensions/
    • Enable "Developer mode"
    • Click "Load unpacked" and select the dist directory

  4. For development with hot-reload:

    npm run watch

Integration with WASM

The extension uses WebAssembly modules compiled from Rust to perform cryptographic operations securely. The WASM modules are loaded in the extension's background script and provide a secure API for the frontend.

Key WASM functions exposed:

  • init_session - Unlock a keyspace with password
  • create_keyspace - Create a new keyspace
  • add_keypair - Create a new keypair
  • select_keypair - Select a keypair for use
  • sign - Sign a message with the selected keypair
  • run_rhai - Execute a Rhai script securely

Security Considerations

  • The extension follows the principle of least privilege
  • All sensitive operations require explicit user approval
  • Passwords are never stored persistently, only kept in memory during an active session
  • Session state is automatically cleared when the extension is locked
  • WebSocket connections are authenticated using the user's public key
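
One way to enforce the approval and lock rules listed above for scripts received from a server, as an added TypeScript example that is not the extension's own code. `ApprovalGate`, `RunScript` and `AuditEntry` are hypothetical names, the `run` callback stands in for the `run_rhai` call with an assumed signature, and the clock is injected so the inactivity timeout can be exercised.

```typescript
// Added illustration, not code from hero_vault_extension; all names are hypothetical.
type RunScript = (script: string) => string; // stand-in for run_rhai (signature assumed)
type AuditEntry = { at: number; id: number; event: string };

class ApprovalGate {
  private pending = new Map<number, { script: string; approved: boolean }>();
  private nextId = 1;
  private lastActivity: number;
  private timeoutMs: number;
  private now: () => number;
  readonly audit: AuditEntry[] = [];
  constructor(timeoutMs: number, now: () => number) {
    this.timeoutMs = timeoutMs;
    this.now = now;
    this.lastActivity = now();
  }
  // Locked once the inactivity window elapses; locking drops queued scripts.
  isLocked(): boolean {
    const locked = this.now() - this.lastActivity >= this.timeoutMs;
    if (locked) this.pending.clear();
    return locked;
  }
  // Script arriving from the server: queued, never run, not counted as user activity.
  submit(script: string): number {
    const id = this.nextId++;
    this.pending.set(id, { script, approved: false });
    this.log(id, "received");
    return id;
  }
  // UI decision after the user has reviewed the stored text.
  decide(id: number, approve: boolean): void {
    const entry = this.pending.get(id);
    if (this.isLocked() || !entry) return this.log(id, "decision-refused");
    this.lastActivity = this.now();
    if (approve) entry.approved = true; else this.pending.delete(id);
    this.log(id, approve ? "approved" : "rejected");
  }
  // Runs exactly the reviewed text, once, and only while unlocked.
  execute(id: number, run: RunScript): string | null {
    const entry = this.pending.get(id);
    if (this.isLocked() || !entry || !entry.approved) { this.log(id, "execute-refused"); return null; }
    this.pending.delete(id); // single use: an approval cannot be replayed
    this.log(id, "executed");
    return run(entry.script);
  }
  private log(id: number, event: string): void {
    this.audit.push({ at: this.now(), id, event });
  }
}
```

The gate stores the script text at receipt and executes that stored copy, so what runs is what the user reviewed; refused attempts are logged alongside approvals so the audit trail shows them too.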

License

MIT License