Problem
The cryptography implementation in remote communications is explicitly marked as needing expert review before production use.
File: packages/ocap-kernel/src/remotes/kernel/remote-comms.ts:91-93
// XXX IMPORTANT: All the cryptography here is completely amateur and needs
// to be vetted and overhauled in its entirety by an actual competent
// cryptography expert before being unleashed on an unsuspecting public
Current Crypto Usage
1. Key Generation (remote-comms.ts)
- Ed25519 key pair generation from random seed
- Seed stored as hex string in kernel store
- Used for libp2p peer identity
2. OCAP URL Encryption (remote-comms.ts)
- AES-GCM encryption for object references in OCAP URLs
- Random 32-byte key generated per kernel
- Base58 encoding for URL transport
Files Involved
| File |
Crypto Usage |
kernel/remote-comms.ts |
Key generation, AES-GCM encryption/decryption |
kernel/OcapURLManager.ts |
OCAP URL issuance using encrypted refs |
platform/connection-factory.ts |
Ed25519 key pair for libp2p identity |
Required Work
- Document current crypto usage in detail
- Engage cryptography expert for security review
- Implement recommended changes based on review
- Add test vectors for crypto operations
- Consider key rotation mechanisms
Questions for Review
- Is AES-GCM appropriate for OCAP URL encryption?
- Is the key derivation approach secure?
- Are there timing attack vulnerabilities?
- Should we use a standard key derivation function (HKDF, PBKDF2)?
- How should key rotation be handled?
Acceptance Criteria
Problem
The cryptography implementation in remote communications is explicitly marked as needing expert review before production use.
File:
packages/ocap-kernel/src/remotes/kernel/remote-comms.ts:91-93Current Crypto Usage
1. Key Generation (
remote-comms.ts)2. OCAP URL Encryption (
remote-comms.ts)Files Involved
kernel/remote-comms.tskernel/OcapURLManager.tsplatform/connection-factory.tsRequired Work
Questions for Review
Acceptance Criteria