# @seald-io/sdk-plugin-ssks-2mr

This module is a plugin for the Seald SDK : @seald-io/sdk (opens new window).

The @seald-io/sdk-plugin-ssks-2mr (opens new window) module allows to use the SSKS key storage service to store Seald identities easily and securely, encrypted by a key stored on your back-end server.

This module exposes a function, that takes keyStorageURL as argument, and returns a SDKPlugin which can be passed to the SealdSDK constructor.

When the Seald SDK is passed this plugin, the SealdSDK instance is modified to have a ssks2MR property, which exposes the SSKS2MR interface.

To use this plugin, your back-end server must first create an SSKS identity for the user in question by giving their email address. Also, the server has to generate a secure random secret key (called "twoManRuleKey") for the user.

After that, before each use of this plugin, your back-end server must start an SSKS session for the user. The server responds with a session_id and with a boolean must_authenticate.

If there has never been an identity stored on SSKS for this user, the server responds with must_authenticate to false. In that case, you can directly call saveIdentity with no challenge.

Otherwise, the user then receives an email, containing a challenge, and this plugin can use the sessionId, the twoManRuleKey, and the challenge to store or retrieve their Seald identity on SSKS.

If the identity has been stored without no challenge, the first time the identity is retrieved afterwards, the keys of the identity in question are automatically renewed and stored again onto SSKS. If the same identity is also stored elsewhere (for example with @seald-io/sdk-plugin-localstorage), you will have to save it again.

You can find more information about the SSKS API for your back-end server here.

Example:

import SealdSDK from '@seald-io/sdk-web'
import SealdSDKPluginSSKS2MR from '@seald-io/sdk-plugin-ssks-2mr'

const seald = SealdSDK({
  appId,
  plugins: [SealdSDKPluginSSKS2MR()] // passing the plugin to SealdSDK
})
await seald.initialize()

// Creating a Seald identity
await seald.initiateIdentity({ userId, userLicenseToken })
// The SealdSDK instance now has a `ssks2MR` property : we can use `saveIdentity`
await seald.ssks2MR.saveIdentity({ userId, sessionId, email, twoManRuleKey }) // `twoManRuleKey` is the secret key stored by your app's back-end to secure this user's identity

# Table of contents

# Interfaces

# Type aliases

# Properties

# Type aliases

# KeyStore2MR

Ƭ KeyStore2MR: Object

Internal interface to the SSKS two-man rule API.

WARNING: Do not use directly.

# Type declaration

Name Type
challengeValidate (sessionId: string, challenge: string, email: string) => Promise<Object>
push (appId: string, userId: string, sessionId: string, twoManRuleKey: string, data: Buffer) => Promise<void>
search (appId: string, userId: string, sessionId: string, twoManRuleKey: string) => Promise<Object>

# Properties

# default

default: (keyStorageURL: string) => SDKPlugin

# Type declaration

▸ (keyStorageURL?): SDKPlugin

# Parameters
Name Type Default value Description
keyStorageURL string 'https://ssks.seald.io/' Optional. URL of the SSKS server to use. Defaults to 'https://ssks.seald.io/'
# Returns

SDKPlugin