Multiplayer access -- Sharing with the public vs. just trusted users?

hologram · February 13, 2018, 8:30pm

I’ve read through the multireader tutorial, but I’m having trouble understanding whether or not I can specify which files in app storage I’m sharing.

Let’s say I have private.json and shared.json. Is there currently a way to only share data in shared.json?

jude · February 13, 2018, 8:41pm

You can share any file you want with putFile(). You just need to specify whether or not to encrypt it in the options object.

jehunter5811 · February 13, 2018, 8:44pm

The app developer is going to largely control this but should make it obvious to the user. In the example of Documents in Graphite, every document you create is yours and yours alone. When you share a file, it’s actually create a copied version of that and sharing that file. At some point, with the help of something like automerge that document might actually live in two different places, but the user will always know they’ve shared the file.

I approach it as everything is not shared by default and only shared by choice (except in the case of Conversations).

I’m not sure if that’s what you’re asking exactly, though.

yukan · February 13, 2018, 9:02pm

Yes, like Jude said, you can choose which files to share by encrypting or not encrypting them.

hologram · February 13, 2018, 9:08pm

@jude and @yukan – I understand what you’re both getting at now.

I should have reframed my question as “Is there currently a way to only share data in shared.json with known and trusted parties?”

The answer to that question is more nuanced, and as @jehunter5811 was nice enough to show me, involves storing the trusted individual’s public key and encrypting a public file with that.

jude · February 13, 2018, 9:13pm

This sounds like a good thing to add to the storage API docs. Can you open an issue on blockstack.js for it? Thanks!

hologram · February 13, 2018, 9:14pm

Absolutely – thanks!

aaron · February 13, 2018, 10:53pm

Yes, I’d love to have better support for this in blockstack.js — basically, something like this:

putFile('shared.json', {encrypted: [chase.id, jude.id, yknl.id]})

Which would:

Fetch the app-specific public-keys of chase.id, jude.id and yknl.id
ECIES encrypt the data to each of those keys

The way that our encrypt functions are implemented makes Step 2 not too difficult to do, but it would require a bit of work.

Step 1 would need a little more work – basically, the app public key would need to be listed in the apps section of a user’s profile.json (or something along those lines). This could be added at app login, the same way that multi-player storage works now.

hologram · February 13, 2018, 11:07pm

Oh that’s really interesting. This might warrant a separate set of API methods to manage permissions. The list of ids could potentially be fairly large (i.e. if I have 1000 facebook friends, I’m passing around a 1000 item array everytime I need to write a file.) Managing permissions on specific storage endpoints should probably also be able to happen as a separate request.

So you may be able to create the file with:
putFile('shared.json', data, {encrypted: [chase.id, jude.id, yknl.id]})

But update who can view it with:
updateFilePermissions('shared.json, [chase.id, jude.id, yknl.id])

Or perhaps more future proof:

updateFilePermissions('shared.json, [
  { 'chase.id': 'some chmod style permissions string or an object of configurable bool vals' }
}

brandonparee · March 18, 2018, 6:03am

@aaron @hologram

I was trying to figure out this problem today and happened to stumble across this thread. Has there been any further discussion about the topic elsewhere? I have some questions and thoughts either way!

putFile('shared.json', {encrypted: [chase.id, jude.id, yknl.id]})

At first glance it seems like a method like this would end up creating multiple copies of the same file, one for each of the users. Am I missing something here?

Also, to encrypt the data for a specific user, it was mentioned that it would use a user’s ‘app-specific public-key’, I think the best approach would allow for a user to share data with someone who hasn’t yet signed into that specific application.

I have some (really rough) ideas for solving this problem in two parts:

Multiplayer Storage Permissions Application

Features:

An application that all Blockstack users had enabled by default
Create different permission sets that can be used by other applications:
- Public (unencrypted)
- Public only to signed in users
- Shared only with one profile
- Shared with many profiles
To allow for easy sharing between many profiles, users should be able to create reusable and extensible lists of profiles.
(Optional) Can read data from all applications
- Allows for editing the permissions of files used in other applications

This solution still however gets back to the question of, “How can we share keys to encrypt/decrypt data?”

I am unsure if the following makes sense, is safe, or is plausible:

A user’s permissions are stored in a public file and is “unencrypted” and:
- Has a section dedicated to each permission set
- Under each permission set the shared public/private key is encrypted for each user using their ‘Multiplayer Storage Permissions Application’ public key
Whenever a user makes a new permission set, create a new ECIES key pair and place it into the permissions file as stated above

A completely unencrypted file

brandonparee.id
{
  permissionId: randomId,
  publicKey,
  privateKey
}
chase.id
{
  permissionId: randomId,
  publicKey,
  privateKey
}

What the public file looks like

JUNK
JUNK

What the file looks like unencrypted to chase.id

STILL JUNK
chase.id
{
  permissionId,
  publicKey,
  privateKey
}

Multiplayer Storage Permissions API

Features:

Fetch all permissions defined by Multiplayer Storage Permissions application to allow users to encrypt files for a specific group
Encrypt a file given a permissionId
- Build on top of putFile?
Decrypt a file given a permissionId
- Build into getFile?
- When getFile is used it will check through permissions granted by the owner of the file for a matching permissionId
- The permissionId might need to be stored in encrypted files as a new property

There is a bunch of little details missing, but hopefully its enough to start a conversation!

nicktee · May 4, 2018, 4:29pm

@aaron Where can I follow the progress of this code? It’s an awesome feature I really need for my dapp! I noticed a feature in github for sign-validate support? Is this the correct code to look at?

Yummyblock · May 5, 2018, 7:07am

After I wrote a doc in the Graphite ,Where is the directory the doc would be stored?

igor1992 · August 18, 2018, 3:12pm

I made a proof of concept which could be helpful here Anonymous, Secure FileDrop Proof of Concept using BlockStack

MrLiu · August 29, 2018, 9:14am

hi,I am a new player, I have a problem, Although you can share any file you want with whether or not to encrypt,but how to control who acess to your data,please teach me

clydedcruz.id.blocks · October 5, 2018, 6:20am

@jehunter5811 how is a user with whom you share the file, notified that they have a new shared file? I understand that this could be accomplished using the inbox feature that is in the works. But how is this accomplished for graphite at the moment?

jehunter5811 · October 5, 2018, 10:59am

It’s not solved for as of yet. Rather than wait on the inbox feature, the plan is to introduce simple polling of the user’s contacts via a web worker. This would ensure that the polling doesn’t interrupt the user’s experience but when it did return a new message, a notification could be fired.