Seald: documentationAnonymous encryption
In addition to the full SDK, Seald also offers an anonymous encryption SDK. This enables your application to provide a way for users without Seald identity (unregistered users or users who are not logged-in) to encrypt data for users with a Seald identity. You can also use it to have your server encrypt data for your users.
As a security measure, yourserver must allow these anonymous encryptions using JSON Web tokens.
Import and instantiation
The Seald Anonymous Encryption SDK is imported separately from the full SDK.
Browser
There are three ways to use the Anonymous SDK in your browser, depending on your needs and the architecture of your web application.
Polyfilled library
import AnonymousSDKBuilder from '@seald-io/sdk/anonymous' // if your bundler supports custom entry-points (supported by Webpack 5)
import AnonymousSDKBuilder from '@seald-io/sdk/anonymous-browser' // if your bundler supports custom entry-points (supported by Webpack 5) and you want to explicitely import the browser version
import AnonymousSDKBuilder from '@seald-io/sdk/browser/anonymous-sdk.polyfilled.js' // explicit import
const anonymousSDK = AnonymousSDKBuilder({ apiURL })import AnonymousSDKBuilder from '@seald-io/sdk/anonymous' // if your bundler supports custom entry-points (supported by Webpack 5)
import AnonymousSDKBuilder from '@seald-io/sdk/anonymous-browser' // if your bundler supports custom entry-points (supported by Webpack 5) and you want to explicitely import the browser version
import AnonymousSDKBuilder from '@seald-io/sdk/browser/anonymous-sdk.polyfilled.js' // explicit import
const anonymousSDK = AnonymousSDKBuilder({ apiURL })This is a bundle, which already includes all necessary libraries, dependencies, and polyfills.
Use this method if you are using a bundler such as webpack, but you do not want to configure your bundler to include necessary polyfills.
Library
import AnonymousSDKBuilder from '@seald-io/sdk/anonymous-browser-library' // if your bundler supports custom entry-points (supported by Webpack 5)
import AnonymousSDKBuilder from '@seald-io/sdk/browser/anonymous-sdk.js' // explicit import
const anonymousSDK = AnonymousSDKBuilder({ apiURL })import AnonymousSDKBuilder from '@seald-io/sdk/anonymous-browser-library' // if your bundler supports custom entry-points (supported by Webpack 5)
import AnonymousSDKBuilder from '@seald-io/sdk/browser/anonymous-sdk.js' // explicit import
const anonymousSDK = AnonymousSDKBuilder({ apiURL })This imports @seald-io/sdk/browser/anonymous-sdk.js, which is the wrapper for the browser.
Use this method if you use a bundler like Webpack. For this, refer to the section Custom bundling and transpilation of the import guide.
This method is recommended, as it reduces the duplication of dependencies and polyfills, so it minimizes the final size of your application.
Bundle
Copy the file @seald-io/sdk/browser/anonymous-sdk.browser.js into your project, then load it in a <script> tag.
<html>
<head>
...
<script src="/libraries/anonymous-sdk.browser.js"></script>
<script>
var anonymousSDK = window.AnonymousSDK({ apiURL })
</script>
...
</head>
</html><html>
<head>
...
<script src="/libraries/anonymous-sdk.browser.js"></script>
<script>
var anonymousSDK = window.AnonymousSDK({ apiURL })
</script>
...
</head>
</html>This is a bundle, which already includes all necessary libraries, dependencies, and polyfills.
It exposes the Anonymous SDK constructor function in the global variable window.AnonymousSDK.
Node.js / Electron
import { AnonymousSDKBuilder } from '@seald-io/sdk'
const anonymousSDK = AnonymousSDKBuilder({ apiURL })import { AnonymousSDKBuilder } from '@seald-io/sdk'
const anonymousSDK = AnonymousSDKBuilder({ apiURL })This imports the Node wrapper for the Anonymous SDK.
You may want to use this on your NodeJS server, in an Electron desktop application, for your unit-tests ...
React-Native
Installation
The Anonymous SDK for react-native has peer dependencies that must be installed separately:
react-native-modpowreact-native-get-random-values
You can install them with the command:
npm i -S react-native-modpow react-native-get-random-valuesnpm i -S react-native-modpow react-native-get-random-valuesBundle
If you do not configure the transpilation of your application yourself, you can use the bundled, transpiled and minified version of the Anonymous SDK. It can be used as is.
import AnonymousSDKBuilder from '@seald-io/sdk/anonymous-react-native' // if your bundler supports custom entry-points (not supported by Metro)
import AnonymousSDKBuilder from '@seald-io/sdk/react-native/anonymous-sdk-react-native.bundle.js' // explicit import
const anonymousSDK = AnonymousSDKBuilder({ apiURL })import AnonymousSDKBuilder from '@seald-io/sdk/anonymous-react-native' // if your bundler supports custom entry-points (not supported by Metro)
import AnonymousSDKBuilder from '@seald-io/sdk/react-native/anonymous-sdk-react-native.bundle.js' // explicit import
const anonymousSDK = AnonymousSDKBuilder({ apiURL })Library
If your application is itself transpiled, you can import the source library. This will allow you to optimise the size of your application.
import AnonymousSDKBuilder from '@seald-io/sdk/anonymous-react-native-library' // if your bundler supports custom entry-points (not supported by Metro)
import AnonymousSDKBuilder from '@seald-io/sdk/react-native/anonymous-sdk-react-native.js' // explicit import
const anonymousSDK = AnonymousSDKBuilder({ apiURL })import AnonymousSDKBuilder from '@seald-io/sdk/anonymous-react-native-library' // if your bundler supports custom entry-points (not supported by Metro)
import AnonymousSDKBuilder from '@seald-io/sdk/react-native/anonymous-sdk-react-native.js' // explicit import
const anonymousSDK = AnonymousSDKBuilder({ apiURL })This library will need to be transpiled before it can be used. See the Custom bundling and transpilation section of the import guide.
JSON Web Tokens
As a security measure, your server must allow these anonymous encryptions using JSON Web tokens.
Anonymous encryption is done in two steps:
- recovery of the recipients' encryption keys
- creation of the session for these recipients
Each of these two steps must be authorized by a JSON Web Token. You will find detailed examples of how to generate these JWTs in multiple programming languages in the paragraph JWTs for anonymous encryption of our documentation page about JWTs.
TIP
Retrieving recipient keys may require multiple queries. It is therefore strongly advised not to define a jti on the JWT in question, otherwise requests after the first one may fail.
On the contrary, the session creation is done in a single request. It is therefore recommended defining a jti, to avoid the same JWT being used several times during the allowed time interval.
TIP
Even if technically nothing prevents to use only one JWT for both operations, it is recommended to create two different JWTs for key retrieval and for session creation, in order to be able to define a jti on the session creation JWT, so that it can be used only once.
For more information about the generation of JSON Web Tokens, refer to this documentation
Usage
Now you have everything you need to do an anonymous encryption. This can be done with one of these two functions:
anonymousSDK.encrypt, to directly encrypt a file;anonymousSDK.createEncryptionSession, to create anAnonymousEncryptionSession.
anonymousSDK.encrypt
This function allows you to directly encrypt a file.
The noteworthy arguments for this function are:
clearFile: Required. The file to encrypt. Can be astring, aBuffer, aBlob, a WebStreamReadableStream, or a NodeReadablestream. If you are using aReadableStreamor aReadable, you must also give thefileSizeargument.getKeysToken: Optional. The JWT used for the key retrieval. If not supplied, the key retrieval will useencryptionToken.encryptionToken: Required. The JWT used for session creation.sealdIds: Required. Array of Seald IDs of the recipients of the session to create.
The return value of this function is a Promise, containing:
id: string, ID of the session for the encrypted file.encryptedFile: newly encrypted file, in the same format as the givenclearFile.
Example of use:
const { id, encryptedFile } = await anonymousSDK.encrypt({
getKeysToken,
encryptionToken,
sealdIds: [user1SealdId, user2SealdId],
clearFile: clearFileBuffer,
filename: 'test.txt',
})const { id, encryptedFile } = await anonymousSDK.encrypt({
getKeysToken,
encryptionToken,
sealdIds: [user1SealdId, user2SealdId],
clearFile: clearFileBuffer,
filename: 'test.txt',
})anonymousSDK.createEncryptionSession
This function allows you to create an AnonymousEncryptionSession, which you can then use to encrypt and decrypt files and messages.
The noteworthy arguments for this function are:
getKeysToken: Optional. The JWT used for the key retrieval. If not supplied, the key retrieval will useencryptionToken.encryptionToken: Required. The JWT used for session creation.sealdIds: Required. Array of Seald IDs of the recipients of the session to create.
The return value of this function is a Promise, containing an AnonymousEncryptionSession, which you can use to encrypt and decrypt files and messages.
Example of use:
// Create an `AnonymousEncryptionSession`
const session = await anonymousSDK.createEncryptionSession({
getKeysToken,
encryptionToken,
sealdIds: [user1SealdId, user2SealdId]
})
// Encrypt a file
const encryptedFile = await session.encryptFile({
clearFile: clearFileBuffer,
filename: 'test.txt'
})
// Encrypt a message
const encryptedMessage = await session.encryptMessage('Secret Message')// Create an `AnonymousEncryptionSession`
const session = await anonymousSDK.createEncryptionSession({
getKeysToken,
encryptionToken,
sealdIds: [user1SealdId, user2SealdId]
})
// Encrypt a file
const encryptedFile = await session.encryptFile({
clearFile: clearFileBuffer,
filename: 'test.txt'
})
// Encrypt a message
const encryptedMessage = await session.encryptMessage('Secret Message')