#user-group #post-quantum-cryptography #user-management #encryption #key-management #sdk #rotation

sentc

Encryption and group/user management sdk. Easy-to-use encryption with post quantum cryptography.

2 unstable releases

0.3.0 Oct 26, 2024
0.2.0 Oct 7, 2024
0.1.0 May 17, 2023

#436 in Cryptography

Custom license

165KB
5K SLoC

Sentc sdk

It supports user- and group management as well as key rotation and its build to serve large amount of users without any problems.

Why a new protocol?

  • focus on groups
  • focus on archive, encrypt once and everyone with access can decrypt it without expensive and complex key exchange
  • serverside encrypted key rotation. Much faster than client side rotation.

Sentc got two components:

  • the client sdks to encrypt and decrypt
  • the server to handle user auth and groups + key management

Difference between rust sdk and the other

The other sdk's like javascript or flutter are designed with datastore in mind. In js it uses the indexeddb in the browser and in flutter the device storage or encrypted storage.

This sdk was designed to use your own storage. This means you need to provide more information for each function than in the other sdk's. But this gives you the flexibility to use it in your programs without compromises.

There is no init function anymore. You can just use the functions you need.

Usage

In all doc examples we are using the StdKeys implementation. You can switch it by changing the features and use other implementation or even write your own.

Create an account and an app

To use the sdk, you need a public and secret token.

The public token will be used in your sdk at the frontend and the secret token should only be used at your backend. You can set what function should be called with which token.

  1. Got to https://api.sentc.com/dashboard/register and create an account. You will be redirected to the account dashboard.
  2. Verify the email. We email you to make sure that your email address belongs to you.
  3. In your dashboard click on the blue button: New App. You will get the app tokens and the first jwt keys.

Now you are ready to use the sdk.

Install the sdk.

Please choose an implementation of the algorithms. There are StdKeys, FIPS or Rec keys. The impl can not work together.

  • StdKeys (feature = std_keys) are a pure rust implementation of the algorithms. They can be used in the web with wasm and on mobile.
  • FIPS keys (feature = fips_keys) are FIPS approved algorithms used from Openssl Fips. This impl does not support post quantum.
  • Rec keys (feature = rec_keys) or recommended keys are a mix of FIPS keys for the classic algorithms and oqs (for post quantum).

The net feature is necessary for the requests to the backend. The library reqwest is used to do it.

cargo add sentc
use sentc::keys::{StdUser, StdGroup};

async fn example()
{
	//register a user
	let user_id = StdUser::register("base_url".to_string(), "app_token".to_string(), "the-username", "the-password").await.unwrap();

	//login a user, ignoring possible Multi-factor auth
	let user = StdUser::login_forced("base_url".to_string(), "app_token", "username", "password").await.unwrap();

	//create a group
	let group_id = user.create_group().await.unwrap();

	//get a group. first check if there are any data that the user need before decrypting the group keys.
	let (data, res) = user.prepare_get_group("group_id", None).await.unwrap();

	//if no data then just decrypt the group keys
	assert!(matches!(res, GroupFetchResult::Ok));

	let group = user.done_get_group(data, None).unwrap();

	//invite another user to the group. Not here in the example because we only got one user so far
	group.invite_auto(user.get_jwt().unwrap(), "user_id_to_invite", user_public_key, None).await.unwrap();

	//encrypt a string for the group
	let encrypted = group.encrypt_string_sync("hello there!").unwrap();

	//now every user in the group can decrypt the string
	let decrypted = group.decrypt_string_sync(encrypted, None).unwrap();

	//delete a group
	group.delete_group(user.get_jwt().unwrap()).await.unwrap();

	//delete a user
	user.delete("password", None, None).await.unwrap();
}

Limitations

The protocol is designed for async long-running communication between groups.

  • A group member should be able to decrypt the whole communication even if they joined years after the beginning.
  • Group member should get decrypt all messages even if they were offline for years.

The both requirements make perfect forward secrecy impossible. See more at the Protocol how we solved it.

Contact

If you want to learn more, just contact me contact@sentclose.com.

Dependencies

~2–19MB
~290K SLoC