Module p2panda_rs::secret_group

source ·
Expand description

Create and moderate large secret groups to maintain key material for secure messaging.

p2panda uses the MLS (Messaging Layer Security) protocol for group key negotiation to establish secrets in a group of users for Sender Ratchet Secrets or Long Term Secrets. Both settings give confidentiality, authenticity and post-compromise security, while the sender ratchet scheme also gives forward secrecy.

A group of users sharing that secret state is called a secret group in p2panda. Sender ratchet encryption is interesting for applications with high security standards where every message is individually protected with an ephemeral key, whereas long-term secret encryption is useful for building application where keys material is reused for multiple messages over longer time, so past data can still be decrypted, even when a member joins the secret group later.

Example

// Define provider for cryptographic methods and key storage
let provider = MlsProvider::new();

// Generate new Ed25519 key pair
let key_pair = KeyPair::new();

// Create new group member based on p2panda key pair
let member = SecretGroupMember::new(&provider, &key_pair)?;

// Create a secret group with member as the owner
let mut group = SecretGroup::new(&provider, &group_instance_id, &member)?;

// Encrypt message
let ciphertext = group.encrypt(&provider, b"Secret Message")?;

This module also provides lower-level methods to maintain MLS (Messaging Layer Security) group state for secure group messaging in p2panda as well as Structs and methods to handle p2panda Long Term Secrets.

Long Term Secrets contain symmetric AEAD keys which are used to en- & decrypt data over longer periods of time, spanning over multiple MLS group epochs.

See: https://openmls.tech for more information.

Re-exports

Modules

  • error
    Error types for creating and managing a secret group.

Structs

  • MlsProvider
    Implements the OpenMlsCryptoProvider trait to be used as a crypto and key store backend for all other MLS structs and methods.
  • SecretGroup
    Create or join secret groups, maintain their state and en- / decrypt user messages.
  • SecretGroupCommit
    Plaintext commit message which is published on the network to announce group changes.
  • SecretGroupMember
    Member of a secret group holding the key material for creating and signing new KeyPackages.

Enums

  • SecretGroupMessage
    Container around encrypted messages to distinct if they contain an MLS application message or user data encrypted with a long-term secret.