Encryption modes
DataPeps supports different encryption modes for the data exchanged between identities with the use of resources or channels.
In Anonymous mode, data is encrypted but not signed. This mode allows communicating with identities without verifying their signatures. It is used, for example, when an identity cannot fetch public keys from DataPeps.
When creating a resource, Anonymous mode can be chosen like this:
let aliceResource = await aliceSession.Resource.create(resourceKind, resourcePayload, [alice.login], { type: types.ResourceType.ANONYMOUS })
Anonymous mode is the default encryption mode for channels. When creating a channel, it can be explicitly chosen like this:
let aliceChannel = aliceSession.Channel.create([alice.login, bob.login], { type: types.ResourceType.ANONYMOUS })
"SES" stands for "sign-encrypt-sign". In this mode the data is signed with the key of the sender, encrypted with the key of the receiver and signed again with the key of the sender. This mode provides a high level of security and should be used whenever possible.
SES mode is the default encryption mode for resources. When creating a resource, it can be explicitly chosen like this:
let aliceResource = await aliceSession.Resource.create(resourceKind, resourcePayload, [alice.login], { type: types.ResourceType.SES })
When creating a channel, SES mode can be explicitly chosen like this:
let aliceChannel = aliceSession.Channel.create([alice.login, bob.login], { type: types.ResourceType.SES })
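The sign-encrypt-sign order described above, shown with Node's built-in crypto module as an added example; it is not DataPeps code and does not reflect the SDK's actual primitives or wire format. The algorithms (Ed25519, ephemeral X25519 with HKDF, AES-256-GCM) and the names newIdentity, sesSeal and sesOpen are assumptions chosen for illustration.

```javascript
// Added illustration of sign-encrypt-sign; not the DataPeps implementation.
const nodeCrypto = require('node:crypto');

// Constructed identity: Ed25519 key pair for signing, X25519 key pair for encryption.
const newIdentity = () => ({
  sign: nodeCrypto.generateKeyPairSync('ed25519'),
  box: nodeCrypto.generateKeyPairSync('x25519'),
});

// Shared AES-256 key from an X25519 exchange (assumed KDF: HKDF-SHA256).
function deriveKey(privateKey, publicKey) {
  const secret = nodeCrypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(nodeCrypto.hkdfSync('sha256', secret, Buffer.alloc(0), 'ses-demo', 32));
}

function sesSeal(plaintext, sender, receiverBoxPub) {
  // 1. Sign the plaintext with the sender's key (64-byte Ed25519 signature).
  const inner = nodeCrypto.sign(null, plaintext, sender.sign.privateKey);
  // 2. Encrypt signature + plaintext to the receiver's key.
  const eph = nodeCrypto.generateKeyPairSync('x25519');
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(eph.privateKey, receiverBoxPub), iv);
  const body = Buffer.concat([c.update(Buffer.concat([inner, plaintext])), c.final()]);
  const ephPub = eph.publicKey.export({ type: 'spki', format: 'der' }); // 44 bytes
  const ct = Buffer.concat([ephPub, iv, c.getAuthTag(), body]);
  // 3. Sign the ciphertext with the sender's key again.
  return { ct, outer: nodeCrypto.sign(null, ct, sender.sign.privateKey) };
}

function sesOpen({ ct, outer }, receiver, senderSignPub) {
  // Reject before decrypting if the ciphertext was not signed by the expected sender.
  if (!nodeCrypto.verify(null, ct, senderSignPub, outer)) throw new Error('outer signature invalid');
  const ephPub = nodeCrypto.createPublicKey({ key: ct.subarray(0, 44), type: 'spki', format: 'der' });
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(receiver.box.privateKey, ephPub), ct.subarray(44, 56));
  d.setAuthTag(ct.subarray(56, 72));
  const pt = Buffer.concat([d.update(ct.subarray(72)), d.final()]);
  const inner = pt.subarray(0, 64), msg = pt.subarray(64);
  // The inner signature ties the plaintext itself to the sender.
  if (!nodeCrypto.verify(null, msg, senderSignPub, inner)) throw new Error('inner signature invalid');
  return msg;
}
```

Dropping steps 1 and 3 leaves encryption only, which corresponds to what the page calls Anonymous mode: the receiver can decrypt but has no signature to check against the sender's public key.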