offline flow
All checks were successful
Release to Production / build_and_release (push) Successful in 27s

zver 2024-06-11 22:13:40 +01:00
parent 8e6d29f574
commit b0616ea5bc
3 changed files with 39 additions and 0 deletions


@ -1,3 +1,4 @@
* [Create](/create.md)
* [Sign](/sign.md)
* [Verify](/verify.md)
* [Offline Flow](/offline.md)

38
offline.md Normal file

@ -0,0 +1,38 @@
# Offline Flow
SIGit is fully functional without a network connection! The creator just needs the following:
* Browser
* Nostr Extension or nS for signing
* A local copy of the SIGit application
* The public key (nPub) of each counterparty
* The documents to be signed
The creator flow is as follows:
1. Create the SIGit as usual
2. Export the SIGit
3. Pass the SIGit to the next counterparty via USB or other offline mechanism
The signer flow is as follows:
1. Upload the SIGit
2. Review and sign
3. Pass on the SIGit (to every counterparty if last signer)
To illustrate with a diagram:
![](static/offline.drawio.png)
## Offline SIGit Structure
The exported SIGit is a zip file that contains everything that the next signer (or verifier) needs to proceed, namely:
* app folder - containing a launchable instance of the app
* encrypted sigit file - containing the files to be signed and associated metadata
* `keys.json` file
The `keys.json` file contains the decryption key(s) for the encrypted sigit file. To decrypt a key, it is necessary to know the receivers private key, and the senders public key. To avoid metadata leakage, the sender is always a throwaway key pair, and that public key (npub) is in the `keys.json` file. Only the receiver can decrypt the decryption key.
For the last signer, it is necessary to encrypt the decryption key to multiple npubs. We also do not wish to leak the identity of those npubs, nor the number of counterparties. For this reason we create an **array** of decryption keys, rounded up to the nearest 10 (padded with fake keys), and the recipient must cycle through and try to decrypt each one. This is why you will see multiple decryption requests when verifying an offline (encrypted) SIGit.
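
Review bot: The "app folder - containing a launchable instance of the app" bullet under Offline SIGit Structure has every signer launching an app instance that arrived inside the zip from a counterparty, while the requirements list at the top asks for "A local copy of the SIGit application". Since that app is what issues the signing and decryption requests to the signer's Nostr extension, the doc should say which copy the signer is expected to run, and how a bundled copy can be checked against a known release (for example a published hash) before it is opened. In the last paragraph, "rounded up to the nearest 10" still reveals the counterparty count to within a bucket of ten, so "nor the number of counterparties" should say that the exact number is hidden; it would also help to state that the fake keys have the same length and format as real entries and that the real entries are not always placed first. Minor: "nS" in the requirements list is not defined anywhere in the file, and "receivers private key" / "senders public key" need apostrophes.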

BIN
static/offline.drawio.png Normal file

Binary file not shown.
