Stian/Shade
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dbb3a090d89dd9e7fd0f90535ad5333aefa34926
Shade/packages/shade-recovery
History
Sterister dbb3a090d8 release(v4.4.0): public accessor for device identity public key 
Expose the local device's 32-byte Ed25519 identity public key on Shade
so apps can hand it to their own backend at enrollment time for
signature verification, key pinning or per-device safety-number
computation. Closes the gap that forced consumers to ship placeholder
random bytes their backend could store but never verify against.

- @shade/sdk Shade.identityPublicKey: Promise<Uint8Array> — getter
  mirrors the existing fingerprint accessor. Throws pre-init,
  reflects the current key after rotate(), retired key preserved in
  retired-identities storage per existing grace-period contract.
  Private key remains unreachable.
- Test in shade-sdk/tests/sdk.test.ts: round-trip match against the
  underlying storage's signingPublicKey, plus value updates after
  rotate().
- Lockstep version bump 4.3.0 → 4.4.0 across all 25 packages.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-05 17:58:45 +02:00
..
src
release(v4.0.0): Shade GA — V3.x consolidation + audit prep
2026-05-03 18:35:35 +02:00
tests
release(v4.0.0): Shade GA — V3.x consolidation + audit prep
2026-05-03 18:35:35 +02:00
package.json
release(v4.4.0): public accessor for device identity public key
2026-05-05 17:58:45 +02:00
README.md
release(v4.0.0): Shade GA — V3.x consolidation + audit prep
2026-05-03 18:35:35 +02:00
tsconfig.json
release(v4.0.0): Shade GA — V3.x consolidation + audit prep
2026-05-03 18:35:35 +02:00

README.md

@shade/recovery

Social key recovery for Shade — V3.10.

Shamir Secret Sharing over GF(2^8) splits the user's identity backup key into n shares; any threshold-many k together reconstruct the identity onto a new device. Distribution and reconstruction ride existing 1:1 Shade sessions — no centralized recovery agent.

Install

bun add @shade/recovery

Quick wire-up

import {
  setupRecovery,
  attachGuardian,
  requestRecovery,
  MemoryRecoveryStore,
} from '@shade/recovery';

// Primary (Alice's existing device)
await setupRecovery({
  shade,
  guardians: ['bob', 'carol', 'dan', 'eve', 'faythe'],
  threshold: 3,
  deliver: async (to, envelope) => myOutbox.send(to, envelope),
});

// Each guardian
attachGuardian({
  shade,
  store: new MemoryRecoveryStore(),    // swap for persistent store in prod
  approve: async (ctx) => askUser(ctx),
  deliver: async (to, envelope) => myOutbox.send(to, envelope),
});

// New device (Alice on a fresh phone)
await requestRecovery({
  shade: tempShade,
  originalAddress: 'alice',
  setupId: '<from recovery card>',
  threshold: 3,
  guardians: ['bob', 'carol', 'dan', 'eve', 'faythe'],
  deliver: async (to, envelope) => myOutbox.send(to, envelope),
});

See docs/recovery.md for the full threat model, persistence recommendations, and guardian-UX guidance.

Tests

bun test                    # all
bun test tests/shamir       # Shamir primitives
bun test tests/integration  # 3-of-5 end-to-end
bun test tests/adversarial  # k-1 collusion + forged shares + OOB-gate
Reference in New Issue View Git Blame Copy Permalink