release(v4.9.0): relay-side encrypted blob primitive + SDK Profile namespace
Ships the Prism FR (encrypted-profile-storage-v4.9.md) as a generic relay-side encrypted blob primitive: deterministically-located, AEAD-sealed blobs keyed by a 32-byte slotId derived client-side via HKDF from the user's master key. Unlocks credential-only bootstrap of new devices into existing E2EE state — no QR, no physical access. Server: BlobStore interface + Memory/Sqlite/Postgres impls, createBlobRoutes for GET/PUT/DELETE /v1/blob/:slotId with TOFU pubkey auth and If-Match CAS (409/412 semantics). Mounted on the same Hono app as the inbox; SHADE_BLOB_PG_URL / SHADE_BLOB_DB_PATH / SHADE_DISABLE_BLOB env-var plumbing in standalone. SDK: createProfileNamespace high-level wrapper (HKDF derivation, random-nonce AEAD seal, slotId-bound AAD) + low-level BlobClient. Cross-platform test vectors in test-vectors/blob-storage.json. New errors: ConflictError (409), PreconditionFailedError (412). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -122,3 +122,42 @@ export function deriveNonce(rowKey: Uint8Array, table: string, pk: string): Uint
|
||||
export function buildAad(table: string, column: string, pk: string): Uint8Array {
|
||||
return TEXT.encode(`shade-aad-v1|${table}|${column}|${pk}`);
|
||||
}
|
||||
|
||||
// ─── V4.9 — relay-side encrypted blob primitive ──────────────
|
||||
//
|
||||
// Three deterministic 32-byte derivations rooted at the user's master
|
||||
// key, used by `@shade/sdk`'s `Profile` namespace to bootstrap a brand
|
||||
// new device into existing E2EE state from credentials alone:
|
||||
//
|
||||
// slotId = HKDF(masterKey, info=`shade-blob-slot-v1:${app}`)
|
||||
// blobKey = HKDF(masterKey, info=`shade-blob-key-v1:${app}`)
|
||||
// sigSeed = HKDF(masterKey, info=`shade-blob-sig-v1:${app}`)
|
||||
//
|
||||
// `app` is a caller-supplied namespace (e.g. `"prism-profile"`) so two
|
||||
// Shade apps with the same user/master never collide on the same slot.
|
||||
//
|
||||
// The slot identifier and the AEAD key are *both* derived from the
|
||||
// master — the relay sees opaque slotIds and AEAD-sealed blobs and
|
||||
// cannot decrypt or correlate slots to users. The signing seed is the
|
||||
// raw 32-byte Ed25519 private key (matches @noble/curves' API: pubkey
|
||||
// = ed25519.getPublicKey(seed)).
|
||||
|
||||
/** Lower-hex 64-char slotId derived from the master key. */
|
||||
export function deriveBlobSlotId(masterKey: Uint8Array, app: string): Uint8Array {
|
||||
return hkdfDerive(masterKey, `shade-blob-slot-v1:${app}`, 32);
|
||||
}
|
||||
|
||||
/** AEAD key for sealing/opening the blob. Use AAD = slotId. */
|
||||
export function deriveBlobKey(masterKey: Uint8Array, app: string): Uint8Array {
|
||||
return hkdfDerive(masterKey, `shade-blob-key-v1:${app}`, 32);
|
||||
}
|
||||
|
||||
/**
|
||||
* 32-byte Ed25519 signing seed (== the private key in the @noble/curves
|
||||
* convention). The pubkey, derived deterministically from the seed, is
|
||||
* what the relay TOFU-stores on the first PUT and verifies subsequent
|
||||
* writes against.
|
||||
*/
|
||||
export function deriveBlobSigningSeed(masterKey: Uint8Array, app: string): Uint8Array {
|
||||
return hkdfDerive(masterKey, `shade-blob-sig-v1:${app}`, 32);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user