Please enable JavaScript.
Coggle requires JavaScript to display documents.
Private Storage - Coggle Diagram
Private Storage
Concepts
Accounts
-
Contain zero or more secrets, which are each encrypted to their device's private key.
-
-
Secrets
Are individual pieces of encrypted data, like a password, cryptocurrency seed words, government ID numbers, bank account numbers, etc.
-
Devices
-
Specifically, a web view on that device, opened to any supernode with its own localStorage, where we can store
-
-
Private Chat
A communication channel that can have (possibly encrypted) messages pushed to it, and which listeners can subscribe to.
-
Channels can have a public label (the channel name) that senders push to and receivers subscribe to.
There is no storage associated with a channel. If a receiver joins a channel after a message is sent, the only way to receive it is to request it from other listeners.
Chat messages can be encrypted with the keypair of the receipient(s) (sender encrypts with the public key of recipient, receiver decrypts with private key)
Supernode
Same as a "server" in other systems, except:
-
-
-
It is a thin or "dumb" server, merely doing the following:
-
-
Applications
-
-
Authentication / credentials, like cached oauth or single sign-on solutions
-
-
Benefits :
Without needing a central server, that can suffer data breaches, or a separate backup.
-
For companies: no need to run separate infrastructure, can contribute to generic pooled services
-
-
Operations
Restoring
Special cases:
Initializing: for a new account, remaining authorized devices is the first new device, revoked devices is empty, existing backup code is empty, existing secrets are empty.
Adding new device: for account with existing devices, new remaining authorized devices is previous authorized devices plus the new device, revoked devices remains the same as before.
enabling access to secrets and mutual 2-FA / M-FA among remaining authorized devices, minus revoked devices, producing new backup codes
-
Outputs:
-
existing secrets {S}, re-encrypted to new devices { D' }
new devices { D' } = { D } + d - { r }, with new device d and without revoked devices r
-
-
-
-
-