diff --git a/docs/SUMMARY.md b/docs/SUMMARY.md index 54a10b9..efe5e3b 100644 --- a/docs/SUMMARY.md +++ b/docs/SUMMARY.md @@ -29,19 +29,3 @@ * [atsign.com](https://atsign.com/) * [noports.com](https://noports.com) * [atProtocol specification](https://github.com/atsign-foundation/at\_protocol/blob/trunk/specification/at\_protocol\_specification.md) - -*** - -* [Glossary](glossary/README.md) - * [atsign](glossary/atsign.md) - * [cram](glossary/cram.md) - * [encryption](glossary/encryption.md) - * [namespace](glossary/namespace.md) - * [notification](glossary/notification.md) - * [pkam](glossary/pkam.md) - * [polymorphism](glossary/polymorphism.md) - * [pricing and costs](glossary/pricing-and-costs.md) - * [privacy](glossary/privacy.md) - * [public and private keys](glossary/public-and-private-keys.md) - * [self encryption key](glossary/self-encryption-key.md) - * [synchronization](glossary/synchronization.md) diff --git a/docs/glossary/README.md b/docs/glossary/README.md deleted file mode 100644 index 02577ad..0000000 --- a/docs/glossary/README.md +++ /dev/null @@ -1,2 +0,0 @@ -# Reference - diff --git a/docs/glossary/atsign.md b/docs/glossary/atsign.md deleted file mode 100644 index 127a2f0..0000000 --- a/docs/glossary/atsign.md +++ /dev/null @@ -1,21 +0,0 @@ -# atsign - -### What is an atSign - -An atSign is a handle (e.g. @alice) that functions as your digital identity. It uses end-to-end encryption to ensure that your data is 100% owned and controlled by you. - -An atSign has two states: deactivated and activated. To activate an atSign, CRAM authenticate into your secondary server. After successful CRAM authentication, your atSign is activated where a PKAM key pair is generated by your device and the CRAM key will be invalid; so that only you own the keys to your secondary server. - -Each atSign has a unique key that is used to verify whether you are the atSign’s rightful owner. After first activating an atSign, be sure to save its corresponding key in a secure location. You’ll need it to sign back into the app or use other apps on the atPlatform. - -### Example - -Alice has created their own atSign called @alice. Anyone who looks up @alice can only view the information that they’ve made public through [atWavi](https://atsign.com/apps/wavi/), an app that lets them set up and customize their public profile. They’ll have the freedom to adjust it as needed, and those changes will be viewable in a matter of seconds. - -### What you can do with an atSign - -At the moment, you can pair your atSign with any app on the atPlatform (the underlying technology behind atSigns) to enable the app to access, but not store, your data. The number of things you can do with your atSign will increase as more and more of these atApps are built. - -While we wait for the rest of the Internet to catch up, you can get ahead of the game by downloading the first batch of recently launched atApps. These include @atmospherePro, an end-to-end encrypted file sharing app, @buzz, an entirely new and private way to connect with others, and more. - -Discover these atApps [here](https://atsign.com/apps/). diff --git a/docs/glossary/cram.md b/docs/glossary/cram.md deleted file mode 100644 index 9c286de..0000000 --- a/docs/glossary/cram.md +++ /dev/null @@ -1,36 +0,0 @@ -# cram - -### Definition - -CRAM is a term you may have heard of when reading about the atPlatform. CRAM stands for challenge response authentication mechanism. It is an algorithm/mechanism used in cryptography commonly used for authentication in protocols. - -### atPlatform - -You use your CRAM secret to activate your atSign and authenticate into your (secondary server)\[/atplatform/secondary-server] secondary server for the first time. Once authenticated, you may add, update, delete, and lookup keys in your own secondary server. - -When users get their atSign from \{{< a target="\_blank" href="https://atsign.com/" >\}}atsign.com\{{< /a >\}}, they receive their CRAM secret in the form of a QR code. A CRAM secret is just a long string of randomly generated characters. The CRAM secret can also be fetched from a REST API since sometimes the QR code can be cumbersome. It is recommended that you let the SDK handle these API requests as it is easier and safer. - -CRAM is made easy with the atPlatform. Since the CRAM secret was generated and given by Atsign, that would be like Atsign generating your password for you. To opposite this, atPlatform's SDKs and authentication services (such as at\_onboarding\_flutter) make it easy to generate a `.atKeys` file for subsequent logins to your secondary. This `.atKeys` file is generated by your device and contains the necessary keys to encrypt/decrypt data in your secondary server and the secondary server of other atSigns. The `.atKeys` file is closely related to PKAM which you can read more about here. - -### atProtocol - -In the atProtocol, CRAM is a verb. - -The cram verb is used to bootstrap authenticate one's own self as an owner of a Secondary Server. It is intended to be used once until a set of PKI keys are cut on the owner's mobile device and from then on we use the pkam verb. - -The following regex represents the syntax of the cram verb: `r'^cram:(?.+$)'` - -Learn more about the cram verb \{{< a rel="canonical" target="\_blank" href="https://github.com/atsign-foundation/at\_protocol/blob/trunk/specification/at\_protocol\_specification.md#the-cram-verb" - -> \}} here \{{< /a >\}}. - -### Key Definitions - -* **CRAM**: challenge response authentication mechanism -* **CRAM Secret**: a long string of characters associated with each atSign for activation -* **.atKeys file**: holds encryption keys for PKAM authenticating -* **OTP**: one-time password - -### Related Resources - -\{{< card/breadcrumb href="/atplatform/specification" first="Protocol Specification" >\}} \{{< card/breadcrumb href="/atplatform/secondary-server" first="Secondary Server" >\}} \{{< card/breadcrumb href="/reference/encryption" first="Encryption" >\}} \{{< card/breadcrumb href="/reference/pkam" first="PKAM" >\}} diff --git a/docs/glossary/encryption.md b/docs/glossary/encryption.md deleted file mode 100644 index ee150af..0000000 --- a/docs/glossary/encryption.md +++ /dev/null @@ -1,27 +0,0 @@ -# encryption - -### Definition - -Encryption is a means of achieving privacy. It is a part of cryptography which has the Greek origin meaning of "secret writing". The goal of encryption is that assuming that an unwanted third party is eavesdropping on an insecure channel, said person would not be able to comprehend the transmitted information. Decryption is the process of converted encrypted information into a comprehensible format. Encryption and Decryption algorithms are known as ciphers. Encryption uses a key which is a set of values that the cipher, as an algorithm, will operate on. Encryption and Decryption go back a long way with one of the most well known ciphers being the [Caesar Cipher](https://en.wikipedia.org/wiki/Caesar\_cipher) - -### Video - -Check out our video on Encryption [here](https://www.youtube.com/watch?v=A12jdKPa4WE)! - -\{{< youtube src="https://www.youtube.com/embed/A12jdKPa4WE" >\}} - -### atPlatform - -The atPlatform implements end-to-end encryption that is best illustrated with the following example: @alice wishes to share her phone number with her friend @bob. To do this, @alice, who is on her own device, prompts her own secondary server to direct phone @alice at her friend @bob's secondary server. From here, a shared key is generated for @bob (@bob:shared\_key@alice). - -This shared key uses the same encryption process as the Symmetric Key Encryption, which is called AES (Advanced Encryption Standard) and involves three block ciphers: AES-128, AES-192 and AES-256. - -The atProtocol specifically uses AES-256 for Data Encryption Keys. - -The RSA (Rivest-Shamir-Adleman) encryption algorithm is then used to encrypt the shared key from the above example with @bob's public key. The atProtocol specifically utilizes RSA 2048. Note, that because the RSA algorithm is an Asymmetric Key Encryption method, a public and private key are generated. - -If you want to read more about Encryption and how it works on the atPlatform check this [Medium](https://atsigncompany.medium.com/data-encryption-caching-with-the-protocol-debe9efc0f49) article! - -### Related Resources - -\{{< card/breadcrumb link="/reference/public\_private\_keys/" first="Public and Private Keys" >\}} \{{< card/breadcrumb link="/reference/self\_encryption\_key/" first="Self-Encryption Key" >\}} \{{< card/breadcrumb link="/reference/privacy/" first="Privacy" >\}} diff --git a/docs/glossary/namespace.md b/docs/glossary/namespace.md deleted file mode 100644 index 2d1a9a0..0000000 --- a/docs/glossary/namespace.md +++ /dev/null @@ -1,30 +0,0 @@ -# namespace - -### Definition - -Atsign's CTO, Colin Constable says this in an interview on Namespaces: \{{\ -\}} "Most people are familiar with DNS (domain name system): for example, if you type “cnn.com”, “fox.com”, or “bbc.com”, you get news sites. But you can’t just type in “news” and expect the Internet to tell you which particular flavor of news you want. We need to create namespaces so that humans can remember the name and computers can translate it to Internet protocol. Once there is a namespace like “bbc.com,” you can reliably know that somebody owns that particular space, and it needs to be managed so that there are no clashes. For instance, you don’t want to type “bbc.com” and get sent to Amazon’s home page. That’s why they have to be unique, and we at Atsign created a new namespace with @Namespace." - -Feel free to read more on namespaces \{{< a rel="canonical" target="\_blank" href="https://atsigncompany.medium.com/the-hidden-beauty-of-protocol-namespaces-6f5fab7f7a09" >\}}here\{{< /a >\}}. - -### atPlatform - -Namespace is a common term that may occur when reading about the atPlatform. To put it simply, a namespace is a unique container to place data in. More in the context of the apps, namespaces are just atSigns associated with each app so a secondary server can be aware of which data belongs to who. See an example below. - -### Example - -When you ask someone “What is my name?” you will get a different answer for every person you ask. If you ask your parents, they may answer with a sweet nickname they gave you. If you ask your friends, they may answer with your first name. This is how namespaces work. You can ask different namespaces for data and get a different answer every time. - -In the context of the atProtocol, refer to the example below to improve your understanding. - -Example: - -* `phone.mospherepro` (phone is the key, mospherepro is the namespace) will answer with data=`123-123-1234` -* `phone.alice` (phone is the key, alice is the namespace) will answer with data=`444-444-4444` -* `phone.wavi` (phone is the key, wavi is the namespace) will answer with data=`555-555-5555` - -This is the beauty of the atProtocol. Each namespace replied with different information. People control their own data and which applications get what data. With the atPlatform, the people become in control of their own data privacy. - -### Related Resources - -\{{< card/breadcrumb href="/atplatform/specification" first="Protocol Specification" >\}} \{{< card/breadcrumb href="/atplatform/secondary-server" first="Secondary Server" >\}} \{{< card/breadcrumb href="/reference/polymorphism" first="Polymorphism" >\}} diff --git a/docs/glossary/notification.md b/docs/glossary/notification.md deleted file mode 100644 index 3060ce4..0000000 --- a/docs/glossary/notification.md +++ /dev/null @@ -1,124 +0,0 @@ -# notification - -### atPlatform - -#### Notification - -Notification enables developers to **notify** another atSign of some data event. It is used to **notify** another atSign that data from your secondary server was modified (updated or deleted). Some example notifications include: the key's value is updated, the key is deleted, the key's metadata changed, and more. - -The atPlatform takes care of all of the heavy lifting with encryption, verb building, transmission, etc. - -Read more [here](https://blog.atsign.dev/part-1-the-notify-verb-cko97bv8f00l5gws13umb0nvz). - -#### Monitor - -Monitor uses notifications. - -The monitor is used to receive notifications from the other secondary server. - -Read more \{{< a href="https://github.com/atsign-foundation/at\_client\_sdk/blob/trunk/packages/at\_client/lib/src/manager/monitor.dart" target="\_blank" rel="canonical" >\}}here\{{\\}}. - -### atProtocol - -#### notify verb - -The notify verb enables you to notify the atSign user of some data event. - -The following is the regex for the `notify` verb. - -``` -notify:((?update|delete):)?(ttl:(?\d+):)?(ttb:(?\d+):)?(ttr:(?(-)?\d+):)?(ccd:(?true|false):)?(@(?[^@:\s]-)):(?[^:]((?!:{2})[^@])+)@(?[^@:\s]+)(:(?.+))? -``` - -| Regex Snippet | Explanation, \[argument details], (example) | -| --------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `(?update\|delete):)?` | Operation of the notification (update\|delete) | -| `(ttl:(?\d+):)?` | TTL (time to live), \[integer, 1 or more digits, optional argument] | -| `(ttb:(?\d+):)?` | TTB (time to birth), \[integer, 1 or more digits, optional argument] | -| `(ttr:(?(-)?\d+):)?` | TTR (time to refresh), \[integer, 1 or more digits, can be negative, optional argument], (e.g.: 86400 will refresh once a day) | -| `(ccd:(?true\|false):)?` | CCD (cascade delete), \[boolean, true\|false, optional argument], (e.g.: if the sender deletes their original key and ccd is true, the cached key gets deleted on both the sender's server and the recipient's server) | - -Following the metadata for creating the notification, next, we mention the AtKey the notification pertains to. - -| AtKey Regex Snippet | Explanation, \[argument details], (example) | -| ------------------------------------ | ---------------------------------------------------------------------------- | -| `(@(?[^@:\s]-))` | The atSign the notification is for, \[string, required argument], (`@alice`) | -| `(?[^:]((?!:{2})[^@])+)` | AtKey name, \[string, required argument], (e.g. 'signing\_publickey') | -| `@` | at separator | -| `(?[^@:\s]+)(:(?.+))` | sharedBy/creator atSign, \[string], (e.g. 'bob') | - -Example use of the `notify` verb: - -``` -notify:update:@farinataanxious:test@33thesad -``` - -Response: - -If the notification was successfully sent, then the id of the notification is returned. - -``` -data:0ce0d150-52bf-4f09-a473-5c64777b1c53 -``` - -Read more \{{< a href="https://github.com/atsign-foundation/at\_protocol/blob/trunk/specification/at\_protocol\_specification.md#the-sync-verb" target="\_blank" rel="canonical" >\}}here\{{\\}}. - -#### notify:list verb - -Notify list returns a list of notifications - -Regex - -``` -notify:(list (?.-)|list$) -``` - -Response: - -If the user is the owner, returns a list of received notifications. if a user is pol authenticated user, return a list of sent notifications - -``` -data:[{"id":"0e5e9e89-c9cb-423b-8972-8c5487215990","from":"@alice","to":"@bob","key":"@bob:phone@alice","value":12345,"operation":"update","epochMillis":1603714122636}] -``` - -#### notify:remove verb - -Notify remove will remove a notification from the Notify List - -Not to be confused with `notify:delete` which notifies another atSign of a key change event. - -Example: - -``` -notify:remove: -``` - -Response - -``` -data:success -``` - -#### monitor verb - -The monitor verb streams received notifications. - -The following is the regex - -``` -^monitor$|^monitor ?(?.-)?)$ -``` - -Response: - -Returns a stream of notifications - -``` -@alice@monitor notification: {"id":"773e226d-dac2-4269-b1ee-64d7ce93a42f","from":"@bob","to":"@alice","key":"@alice:phone@bob","value":null,"operation":"update","epochMillis":1603714720965} -``` - -Read more \{{< a href="https://github.com/atsign-foundation/at\_protocol/blob/trunk/specification/at\_protocol\_specification.md" target="\_blank" rel="canonical" >\}}here\{{\\}}. - -### Related Resources - -\{{< card/breadcrumb link="/atplatform/specification/" first="Protocol Specification" >\}} diff --git a/docs/glossary/pkam.md b/docs/glossary/pkam.md deleted file mode 100644 index 753dc07..0000000 --- a/docs/glossary/pkam.md +++ /dev/null @@ -1,33 +0,0 @@ -# pkam - -### Definition - -PKAM stands for public key authentication mechanism. It is a mechanism for encrypting/decrypting data between two parties. - -### atPlatform - -The atPlatform's packages and SDKs help apps generate a RSA PKAM public/private keypair and save this in a `.atKeys` file containing these keys. Since Atsign provided the CRAM secret, this poses an vulnerability since this is a shared secret between you and Atsign. To avert this, a new RSA PKAM keypair is generated on your device and the CRAM secret is no longer valid. The PKAM keypair is used for all subsequent authentications, and as you are the only one with access to the private key, you are the only one who is able to authenticate. - -The PKAM public key is given out to other clients who want to send data to you. The data they send to you is encrypted using your public key and is decrypted using your private key. Read more on asymmetric encryption here. - -The PKAM private key used by the client to authenticate into their own secondary server. It is just like the CRAM secret except it was generated by you (as opposed by Atsign) and completely owned by you. - -### atProtocol - -In the atProtocol PKAM is a verb. - -The pkam verb is used to authenticate one's own self as an owner of a Secondary Server using a PKI style authentication. - -The following regex represents the syntax of the pkam verb: `^pkam:(?.+$)` - -Learn more about the pkam verb \{{< a target="\_blank" href="https://github.com/atsign-foundation/at\_protocol/blob/trunk/specification/at\_protocol\_specification.md#the-cram-verb" >\}}here\{{< /a >\}}. - -### Key Definitions - -* **PKAM**: public key authentication mechanism -* **PKI**: public key infrastructure -* **RSA**: "Rivest-Shamir-Aldeman" is an assymetric encryption algorithm. Read more \{{< a target="\_blank" href="/reference/encryption" >\}} here\{{< /a >\}} - -### Related Resources - -\{{< card/breadcrumb href="/atplatform/specification" first="Protocol Specification" >\}} \{{< card/breadcrumb href="/atplatform/secondary-server" first="Secondary Server" >\}} \{{< card/breadcrumb href="/reference/encryption" first="Encryption" >\}} \{{< card/breadcrumb href="/reference/cram" first="CRAM" >\}} diff --git a/docs/glossary/polymorphism.md b/docs/glossary/polymorphism.md deleted file mode 100644 index e779db5..0000000 --- a/docs/glossary/polymorphism.md +++ /dev/null @@ -1,21 +0,0 @@ -# polymorphism - -### Definition - -The condition of occurring in several different forms. - -Polymorphism on the atPlatform is the ability to share different data depending on the context of who’s asking. atPlatform applications enable you to set up multiple personas for different areas of your life. When you share data with someone else, the value of that data may be different depending on the person receiving that data. This is true for both sides, you may ask for data from different sources and get a different answer for each one. - -### Polymorphic Data - -The [@buzz app](https://atsign.com/apps/buzz/) is a stellar example of polymorphic data on the atPlatform. @buzz is like your contacts application, but with a twist. Rather than manually entering details for all of your contacts, and having to deal with duplicate contact entries from trying to sync all of your contacts over the cloud, you simply connect with someone through their atSign. In @buzz, they can create and share a specific persona with you. For example, I might want to share my work phone and email with colleagues, but my phone and a different email with friends. I can set up separate “work” and “friends” personas with each set of information, so when I connect with someone new, all I have to do is share the correct persona with that person. Better yet, if I want to share multiple personas, I can do that too! If I move or change my email address, I can update my information in the app, and my contacts have access to the new information and don’t have to make any edits themselves. - -### Example - -@alice’s work persona may have a different value for email than her persona. When she shares her email with her colleagues, they will receive her work email, however, when she shares it with her friends and family, they will see her personal email. As she updates the data in each of her personas, the changes will be reflected in each person that she has shared the data with. - -To learn more about polymorphism see [this article post](https://medium.com/flutter-community/building-flutter-apps-with-no-backend-9715b764a81e#67d3) - -### Related Resources - -\{{< card/breadcrumb href="/reference/namespace/" first="Namespace" >\}} diff --git a/docs/glossary/pricing-and-costs.md b/docs/glossary/pricing-and-costs.md deleted file mode 100644 index 55568bb..0000000 --- a/docs/glossary/pricing-and-costs.md +++ /dev/null @@ -1,52 +0,0 @@ -# pricing and costs - -### Introduction - -Since the atPlatform is fully open-sourced and everyone can contribute, there is no cost for developers! When you make an app on the atPlatform, people that use your apps will not have to pay any fees for infrastructure or storage! The way that **Atsign** generates revenue is by using our special identifier which is known as an atSign. An atSign can come in many flavors with corresponding prices ranging from free, $10, $100, $1000, $5000. If you opt-in for the vanity atSign the prices increase as the atSign of your liking decreases in length and complexity. For each paid atSign you own, there is a $10 annual renewal fee. This fee does not apply to the free atSigns. What makes atSigns so awesome is that if your app is the first one someone pairs an atSign with, after buying their atSign, we pay you commission on that. Yep, you don't pay us, we pay you. - -### Video - -Not a fan of reading? Watch this [video](https://www.youtube.com/watch?v=npUMux-uS3Y) instead! - -\{{< youtube src="https://www.youtube.com/embed/npUMux-uS3Y" >\}} - -### Paid atSigns - -For paid atSigns the options are listed below: - -1. **For $10**: A _Hybrid_ atSign is an sign that ends with an underscore and up to four numbers: - * `atsignexample_01`\ - \ - -2. **For $100**: A _Custom_ atSign is an sign that is any combination of words, numbers, or even emojis! (at least five characters, or four characters if it includes a number or emoji): - * `atsignexample` - * `atest` - * `tes5`\ - \ - -3. **For $1000**: A _Custom_ atSign that is only three or four characters (no numbers): - * `test` - * `four` - * `tes` - * `dog`\ - \ - -4. **For $5000**: A _Custom_ atSign that is only three characters: - * `007` - * `te5` - * `r4n`\ - - -### Free atSigns - -For a FREE atSign there exists an atSign generator that creates a new set of atSigns at random for you to choose from! You are given two options: the first option requires you to add some pre-generated atSigns while the second option lets you generate an atSign based on your interests using _super-secret_ mode. Let's say you like music and sports, the atSign generator would perform its magic and dish out: - -``` -* melodic74 -* canopy22wild -* 10axepowernoise -* Modest89rackets -* 90bossaball -``` - -\{{< button/link href="https://my.atsign.com/go" type="primary" text="Get started for free" >\}} diff --git a/docs/glossary/privacy.md b/docs/glossary/privacy.md deleted file mode 100644 index b7b8baa..0000000 --- a/docs/glossary/privacy.md +++ /dev/null @@ -1,18 +0,0 @@ -# privacy - -### Definition - -We live in an age of information. Information is an asset that has a similar value much like other assets that you might own. As an asset, that information must be secured from potential attacks or unauthorized access. There are several security goals that must be considered: - -* **Confidentiality**: Hidden from unauthorized access. -* **Integrity**: Protected from unauthorized change. -* **Availability**: Available to an authorized party when needed. -* **Authentication/Liveness**: Ensuring the session is "current" rather than a replay of an earlier session. For example, if you are chatting with a certain person, it would be beneficial to know that the person you are chatting with is indeed who they say they are ano not an unwanted intruder posing as the trusted person. -* **Non-repudiation**: Assurance that an actor behaved in a way they cannot deny. - * I.e. proving that a sender sent a message or receiver received it. - -### Video - -Not a fan of reading? Watch this [video](https://www.youtube.com/watch?v=F1txoXUPeSA) instead! - -\{{< youtube src="https://www.youtube.com/embed/F1txoXUPeSA" >\}} diff --git a/docs/glossary/public-and-private-keys.md b/docs/glossary/public-and-private-keys.md deleted file mode 100644 index 66e766d..0000000 --- a/docs/glossary/public-and-private-keys.md +++ /dev/null @@ -1,75 +0,0 @@ -# public and private keys - -### Definition - -A private key is used in asymmetric key cryptography. Asymmetric key cryptography is based on applying mathematical functions to numbers to achieve personal secrecy. It uses two keys, one being the private key. If you think of decryption as locking and unlocking padlocks with keys, then the padlock that is locked with a public key can only be unlocked with its corresponding private key. - -On the other hand, public keys are distributed to the trusted masses. This is done through a public-key distribution channel. This channel should provide authentication and integrity. Someone should not send their public key to the community pretending to have a different public key. Everyone should have their own private and public keys. For example, Bob only needs one private key to receive all correspondence in the community, but Alice needs _n_ public keys to communicate with _n_ entities in the community, one public key for each entity. In other words, Alice needs a ring of public keys. - -### How it works at Atsign - -A key in the atProtocol can be formed by using any alphanumeric and special characters (UTF-8) excluding "@", ":" and a white space (" "). A key in a secondary can be any of the following 5 types: - -1. Public Key - - * A public key is a key which can be looked up by any atSign holder. - * A public key should be part of the _scan_ verb result. - * Format of the public key should be **public**:\: - - **Example:** - - `public:location@alice` - - > The owner of the secondary should be allowed to update or delete the value of a public key. -2. Self Key - - * A Self key is a key which cannot be looked up any atSign holder other than the one created it. - * A Self key should not be returned in a _scan_ verb result. - * Format of the Self key should be **privatekey**:\: - - **Example:** - - `privatekey:pk1@alice` - - > The owner of the secondary should be allowed to update or delete the value of a private key. -3. Shared key - - * A shared key can only be looked up by an atSign holder with whom the data has been shared. - * A shared key should be part of the _scan_ verb result only for the person who created it and the specific person it has been shared with. - * Format of the key shared with someone else should be\ - **cached**::\: - - **Example:** - - `@bob:phone@alice` - - > Note: Above Key should be part of scan verb result for only @alice and @bob - - > The owner of the secondary should be allowed to update or delete the value of a user key. - - **More context on shared keys**: We know that Atsign uses [AES-256 & RSA-2048](https://docs.atsign.com/reference/encryption/) for symmetric and asymmetric encryption respectfully. - - * RSA-2048 can encrypt up to 214 bytes which does not constitute for a lot of data. However, because it is asymmetric, we can use it to ensure that you are you by verifying that you have your private key. - * AES-256 can encrypt around a whopping 250 million terabytes which is practically unlimited. The downside is that because this is a symmetric key, we cannot use it to authorize that you are you since this is shared with the recipient. - - To remediate this, I can generate an AES(shared) key, and encrypt it using your public RSA key. Then we can decrypt said AES key using your private RSA key. Since you are the only holder of your private key, I can ensure that only the two of us hold the AES key. Now we can share information back-and-forth safely using the AES key as a means of encryption/decryption. -4. Private Key - * Private keys start with an underscore(\_) and are not displayed in scan results. Private keys can only be looked up by the owner of the secondary -5. Cached Key - - * A cached key is a key that was originally created by another atSign owner but is now cached on the Secondary Server of another person's atSign as they were given permission to cache it. - * A cached key should be listed in the _scan_ verb result for the atSign owner who cached it. - * Format of the key shared with someone else should be\ - **cached**::\: - - **Example:** - - `cached:@bob:phone@alice` - - > The person who has cached the key should not be allowed to update the cached key. - - > An atSign owner who has created and shared the key should be allowed to update a cached key, and if the "autoNotify" config parameters is set to true, the updated value should be notified (please refer to the `notify` verb) and the cached key updated with the new value. - - > If the person who originally shared the keys set the CCD (Cascade delete) to true, the cached key will be deleted when the original key is deleted. - -

End-to-end encryption with public / private key pair

diff --git a/docs/glossary/self-encryption-key.md b/docs/glossary/self-encryption-key.md deleted file mode 100644 index 541d04e..0000000 --- a/docs/glossary/self-encryption-key.md +++ /dev/null @@ -1,15 +0,0 @@ -# self encryption key - -### Definition - -Self-Encryption key is an AES symmetric key that you own for encrypting data for yourself. - -### atPlatform - -In the atPlatform, the self-encryption key is used to encrypt data that is stored in your own secondary server. It is crucial that this key is kept secret and owned only by you so that third parties like Atsign cannot see your data. - -The self-encryption key is generated during the CRAM process when your PKAM RSA keypair is generated and your atSign is activated. - -### Related Resources - -\{{< card/breadcrumb href="/reference/atsign" first="atSign" >\}} \{{< card/breadcrumb href="/reference/encryption" first="Encryption" >\}} \{{< card/breadcrumb href="/reference/public-private-keys" first="Public and Private Keys" >\}} \{{< card/breadcrumb href="/reference/cram" first="CRAM" >\}} \{{< card/breadcrumb href="/reference/pkam" first="PKAM" >\}} diff --git a/docs/glossary/synchronization.md b/docs/glossary/synchronization.md deleted file mode 100644 index 479fba0..0000000 --- a/docs/glossary/synchronization.md +++ /dev/null @@ -1,22 +0,0 @@ -# synchronization - -### Definition - -With atProtocol, your data is encrypted with your self encryption key and stored on your device. Periodically, this data is copied securely over to a dedicated cloud server which only you can decrypt and read since you are the only one who owns the private key. No one else, including **Atsign** can read your data. This process is known as synchronization. - -### atPlatform - -First, we need to touch up on what local & remote secondaries are: - -1. **Remote Secondary**: A microservice with a DNS address that makes it addressable, provides a backup of your data in case of loss on the phone, and provides a joining place to synchronize data if you have more than one device. -2. **Local Secondary**: A copy of data that allows for fast interactivity and offline support. Every activated atSign gets its remote secondary which runs on Atsign's servers. All of your data is signed and encrypted, so Atsign cannot see it. - -Synchronization aims to keep both local and remote secondaries with the same data. If by any chance the device is lost, then the data can be retrieved from the remote secondary: - -Two main scenarios require synchronization. The first occurs when your device is offline. Updates are saved to your device but not synced to the server. Once the device goes online, those saved updates get synced to the server. The second scenario is when you have multiple devices: one device is offline while the other is online. Updates from the online device will get synced to the server periodically. However, the offline device will not be able to pull the changes until it is back online. - -_To read more about synchronization and how it works check out this_ [_Medium Article_](https://atsigncompany.medium.com/the-protocol-synchronization-77b00ca5341b) _we made._ - -### Related Resources - -\{{< card/breadcrumb link="/atplatform/root-server/" first="Root Server" >\}} \{{< card/breadcrumb link="/atplatform/secondary-server/" first="Secondary Server" >\}}