Implement FEP-8b32: Object Integrity Proofs
aumetra opened this issue · comments
Aumetra Weisman commented
https://codeberg.org/fediverse/fep/src/branch/main/fep/8b32/fep-8b32.md
Probably makes most sense in conjunction with FEP-521a: Representing actor's public keys (so we can attach an additional Ed25519 key to the actor and just slowly attempt to phase out RSA)
Related to #133
Aumetra Weisman commented
The object proof structure should probably follow this structure:
- Create
kitsune-object-proof
crate - Crate uses
ed25519-dalek
(with the SIMD features activated) for Ed25519 operations - It offers an asynchronous interface by using the
kitsune-blocking
crate and offloading the operations on the threadpool of cryptographic operations
Aumetra Weisman commented
This would require a redesign of the database and how keys are represented in the database.
Potential structure:
- Move keys away from the
accounts
table itself - Create new table
accounts_keys
(name can be bikeshedded)
Table structure:
CREATE TABLE accounts_keys (
key_id TEXT PRIMARY KEY,
account_id UUID REFERENCES accounts(id) ON DELETE CASCASE ON UPDATE CASCADE,
public TEXT NOT NULL,
private TEXT,
created_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP
);
Where the key_id
is the URL as found in the actor.