
@planq-network/encrypted-backup


Libraries for implementing password-encrypted account backups

// Type declarations for the key-hardening configuration of encrypted backups.
// This file declares shapes and constant names only; the preset values and the
// code that consumes them live in the implementation module.
import { CircuitBreakerServiceContext } from '@planq-network/identity/lib/odis/circuit-breaker';
import { ServiceContext as OdisServiceContext } from '@planq-network/identity/lib/odis/query';
import { SequentialDelayStage } from '@planq-network/phone-number-privacy-common';
import { ScryptOptions } from './utils';
/**
 * Selects which hardening mechanisms are applied to the backup encryption key.
 *
 * @remarks Every member is optional, so a config that enables none of them still type-checks;
 * the type alone does not guarantee that any hardening is applied.
 * NOTE(review): confirm how the backup routines treat a config with no member set.
 */
export interface HardeningConfig {
    /**
     * If provided, a computational hardening function (e.g. scrypt or PBKDF2) will be applied to
     * locally harden the backup encryption key.
     *
     * @remarks Recommended for password-encrypted backups, especially if a circuit breaker is not in
     * use, as this provides some degree of protection in the event of an ODIS compromise. When
     * generating backups on low-power devices (e.g. budget smart phones) and encrypting with
     * low-entropy secrets (e.g. 6-digit PINs) local hardening cannot offer significant protection.
     */
    computational?: ComputationalHardeningConfig;
    /** If provided, ODIS will be used with the given configuration to harden the backup key */
    odis?: OdisHardeningConfig;
    /**
     * If provided, a circuit breaker will be used with the given configuration to protect the backup key
     */
    circuitBreaker?: CircuitBreakerConfig;
}
/** Configuration for usage of ODIS to harden the encryption keys */
export interface OdisHardeningConfig {
    /**
     * Rate limiting information used to construct the ODIS domain which will be used to harden the
     * encryption key through ODIS' domain password hardening service.
     *
     * @remarks Currently supports the SequentialDelayDomain. In the future, as additional domains are
     * standardized for key hardening, they may be added here to allow a wider range of configuration.
     * The array type does not require any stage to be present.
     * NOTE(review): confirm what an empty list means for guess limiting.
     */
    rateLimit: SequentialDelayStage[];
    /**
     * Environment information including the URL and public key of the ODIS service
     *
     * @remarks NOTE(review): the URL and public key are presumably what the client trusts when
     * talking to ODIS, so they should come from a trusted source; confirm against the identity package.
     */
    environment: OdisServiceContext;
}
/** Configuration for usage of a circuit breaker to protect the encryption keys */
export interface CircuitBreakerConfig {
    /** Environment information including the URL and public key of the circuit breaker service */
    environment: CircuitBreakerServiceContext;
}
/**
 * Identifiers of the local (computational) hardening functions a config can select.
 * The string values are the enum's runtime values: "pbkdf2_sha256" and "scrypt".
 */
export declare enum ComputationalHardeningFunction {
    PBKDF = "pbkdf2_sha256",
    SCRYPT = "scrypt"
}
/** Computational hardening config that selects the PBKDF function. */
export interface PbkdfConfig {
    /** Discriminant: fixes this variant to ComputationalHardeningFunction.PBKDF. */
    function: ComputationalHardeningFunction.PBKDF;
    /**
     * Iteration count for the PBKDF function.
     *
     * @remarks Typed as a plain number, so the type places no lower bound on it.
     * NOTE(review): confirm whether the implementation rejects weak or non-integer values.
     */
    iterations: number;
}
/**
 * Computational hardening config that selects scrypt. The cost parameters are inherited from
 * ScryptOptions (declared in ./utils and not visible in this file).
 */
export interface ScryptConfig extends ScryptOptions {
    /** Discriminant: fixes this variant to ComputationalHardeningFunction.SCRYPT. */
    function: ComputationalHardeningFunction.SCRYPT;
}
/** Union of the supported computational hardening configs, discriminated by the `function` member. */
export type ComputationalHardeningConfig = PbkdfConfig | ScryptConfig;
/**
 * Names of the environments that the exported presets are declared for.
 * NOTE(review): ALFAJORES is presumably a test network; confirm before relying on that.
 */
export declare enum EnvironmentIdentifier {
    MAINNET = "MAINNET",
    ALFAJORES = "ALFAJORES"
}
// Predefined HardeningConfig values, one set per environment. Only the names and the type are
// declared here; which hardening members each preset sets is not visible in this file.
// NOTE(review): the E2E_TESTING_* and NO_QUOTA_* names suggest presets intended for testing or
// with relaxed ODIS rate limiting; confirm their values before using them for real user backups.
export declare const PIN_HARDENING_MAINNET_CONFIG: HardeningConfig;
export declare const PIN_HARDENING_ALFAJORES_CONFIG: HardeningConfig;
export declare const PASSWORD_HARDENING_MAINNET_CONFIG: HardeningConfig;
export declare const E2E_TESTING_MAINNET_CONFIG: HardeningConfig;
export declare const NO_QUOTA_MAINNET_CONFIG: HardeningConfig;
export declare const PASSWORD_HARDENING_ALFAJORES_CONFIG: HardeningConfig;
export declare const E2E_TESTING_ALFAJORES_CONFIG: HardeningConfig;
export declare const NO_QUOTA_ALFAJORES_CONFIG: HardeningConfig;