Seald: documentationDefinitions
Starting from the notions of symmetric & asymmetric encryption, here are some definitions related to Seald's protocols.
User
A user is the entity (usually a person) that uses the SDK through the application in which the SDK is integrated (like the Seald desktop application).
It is designated by its id generated by the Seald server during account creation. This id is sometimes called "sealdId" or "Seald userId".
SigningKey
A public/private key pair used by a User to sign and authenticate.
EncryptionKey
A public/private key pair used by a User to encrypt and decrypt.
Identity
An Identity is the combination of a SigningKey and an EncryptionKey of a User. We can speak of the "private part" or the "public part" of an Identity to designate respectively the private or public keys of the Identity.
The keys of an Identity may be renewed, and an Identity may be revoked.
An Identity is sometimes called a "Device" or "Key" (especially in the dashboardAPI) and is referred to by its id generated by the Seald server when it is created (sometimes called "deviceId" or "keyId").
A User can have multiple Identities, each with a different SigningKey and EncryptionKey, which are mutually signed in the Sig-Chain to ensure no one can arbitrarily add an Identity to a User.
Chain of signatures
A mechanism for verifying the integrity of a User's Identity is available in Seald, it is explained in detail in the dedicated part.
In a simplified way, each operation of creation, renewal of keys or revocation of an Identity is recorded in a chain (the Sig-Chain) in the form of a block. Each block contains the transaction information and the hash of the previous block.
Each block addition to the chain is signed by the SigningKey of a valid Identity of that User, except for the first block which is self-signed, and revocation blocks which can be arbitrarily added through the Seald API.
By knowing the hash of the last block of the Sig-Chain of a User, we can prove the integrity of the list of his Identity transferred by the Seald server.
Message
A Message is an element to be protected such as a string of characters, an email or a file of any kind that a User wishes to secure.
MessageID
At the beginning of the encryption, the SDK makes a request to the Seald servers in order to assign to the Message a unique identifier called MessageID.
MessageKey
This is the term used for the symmetric key needed to decrypt a Message.
EncryptedMessageKey
This is a MessageKey protected end-to-end using the public key of the EncryptionKey of a Message recipient. The private key of the EncryptionKey recipient is required in order to recover a MessageKey from an EncryptedMessageKey.
EntrustedMessageKey
This is a MessageKey protected at rest so that only Seald servers can retrieve the MessageKey. This is used in case the recipient is not a Seald User, and therefore has no Identity and therefore no EncryptionKey to encrypt.