mirror of https://github.com/poanetwork/quorum.git
permission: corrected documentation structure
parent
dccc0979da
commit
0f0d353793
|
@ -12,13 +12,6 @@ This enables all sensitive operations to be handled in a single place, without a
|
||||||
|
|
||||||
The Transaction Manager, which handles peer management and database access, as well as Quorum communication does not perform **any** encryption/decryption, greatly reducing the impact an attack can have.
|
The Transaction Manager, which handles peer management and database access, as well as Quorum communication does not perform **any** encryption/decryption, greatly reducing the impact an attack can have.
|
||||||
|
|
||||||
### Enclave Encryption Technique
|
|
||||||
|
|
||||||
The Enclave encrypts payloads sent to it by the Transaction Manager using xsalsa20poly1305 (payload container) and curve25519xsalsa20poly1305 (recipient box). Each payload encryption produces a payload container, as well as N recipient boxes, where N is the number of recipients specified in the `privateFor` param of the Transaction.
|
|
||||||
|
|
||||||
* A payload container contains the payload encrypted with a symmetric key and a random nonce
|
|
||||||
* A recipient box is the Master Key for the payload container encrypted for the public key of a recipient using a random nonce. (Note that this is basically how PGP works, but using the [NaCl](https://nacl.cr.yp.to/) cryptographic primitives.)
|
|
||||||
|
|
||||||
### What exactly does the enclave handle?
|
### What exactly does the enclave handle?
|
||||||
|
|
||||||
The Tessera enclave **handles** the following data:
|
The Tessera enclave **handles** the following data:
|
||||||
|
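Review bot: The "### Enclave Encryption Technique" section removed in this hunk (the heading, the xsalsa20poly1305 / curve25519xsalsa20poly1305 paragraph and both bullets) has no corresponding addition in the lines shown, so please confirm that it is re-added elsewhere in this commit. A commit titled "corrected documentation structure" should move this text, not drop the description of the payload container and recipient boxes. If it is being relocated, tidy the wording at the destination: the first bullet says "a symmetric key" while the second calls the key for the payload container "the Master Key", and one term should be used for both.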
@ -37,15 +30,6 @@ The enclaves **performs** the following actions on request:
|
||||||
- decrypting transactions for a given recipient (or sender)
|
- decrypting transactions for a given recipient (or sender)
|
||||||
- adding new recipients for existing payloads
|
- adding new recipients for existing payloads
|
||||||
|
|
||||||
### Private Key Generation Algorithm
|
|
||||||
The following steps detail the technique used to manage the private keys:
|
|
||||||
|
|
||||||
1. Given a password P
|
|
||||||
2. Generate random Argon2id nonce
|
|
||||||
3. Generate random NaCl secretbox nonce
|
|
||||||
4. Stretch P using Argon2id (and the Argon2id nonce) into a 32-byte master key (MK)
|
|
||||||
5. Encrypt Private key in secretbox using secretbox nonce and Argon2i-stretched MK
|
|
||||||
|
|
||||||
### Where does the Enclave sit in the private transaction flow?
|
### Where does the Enclave sit in the private transaction flow?
|
||||||
|
|
||||||
The Enclave is the innermost actor of the sequence of events. The below diagram demonstrates where the enclave sits:
|
The Enclave is the innermost actor of the sequence of events. The below diagram demonstrates where the enclave sits:
|
||||||
|
|
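Review bot: Step 5 of the removed "Private Key Generation Algorithm" list says "Argon2i-stretched MK" while steps 2 and 4 name Argon2id; if this section is being moved and not deleted, fix the variant name at the destination so the steps agree. The lines shown contain no addition for this section, so please confirm where the steps now live. The heading also deserves a rename at the destination: the steps describe encrypting an existing private key under a password-derived key, not generating one.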