Skip to content

Commit d9578b0

Browse files
fspreissfspreiss
authored
Migrate Rust vetKD example to use management canister (#1144)
1 parent c06f27d commit d9578b0

File tree

16 files changed

+915
-1910
lines changed

16 files changed

+915
-1910
lines changed

rust/vetkd/Cargo.lock

Lines changed: 225 additions & 850 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

rust/vetkd/Cargo.toml

Lines changed: 1 addition & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,2 @@
11
[workspace]
2-
members = [
3-
"src/system_api",
4-
"src/app_backend",
5-
]
2+
members = ["src/app_backend"]

rust/vetkd/Makefile

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,6 @@ node_modules:
99
.PHONY: deploy
1010
.SILENT: deploy
1111
deploy: node_modules
12-
dfx canister create system_api --specified-id s55qq-oqaaa-aaaaa-aaakq-cai
1312
dfx deploy
1413

1514
.PHONY: test

rust/vetkd/README.md

Lines changed: 26 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -1,58 +1,46 @@
1-
# vetKD API
1+
# Basic vetKeys example (Motoko)
22

3-
This repository provides a canister (`src/system_api`) that offers the vetKD system API proposed in https://github.com/dfinity/interface-spec/pull/158, implemented in an **unsafe** manner **for demonstration purposes**.
3+
This example demonstrates how to use the Internet Computer's **vetKeys** feature to:
44

5-
Additionally, the repository provides:
5+
1. Derive a (symmetric) cryptographic AES-GCM-256 key *in the user's browser*, and use it there for encryption and decryption.
6+
2. Use identity-based encryption (IBE) to encrypt some plaintext for a particular *principal*, derive a respective decryption key *in the user's browser* for the user that is currently logged in, and use it to decrypt some ciphertext.
67

7-
* An example app backend canister (`src/app_backend`) implemented in **Rust** that makes use of this system API to provide caller-specific symmetric keys that can be used for AES encryption and decryption.
8+
It includes:
9+
10+
* An example app backend canister (`src/app_backend`) implemented in **Rust** that provides caller-specific symmetric keys that can be used for AES encryption and decryption.
811

912
* An example frontend (`src/app_frontend_js`) that uses the backend from Javascript in the browser.
1013

1114
The frontend uses the [ic-vetkd-utils](https://github.com/dfinity/ic/tree/master/packages/ic-vetkd-utils) to create a transport key pair that is used to obtain a verifiably encrypted key from the system API, to decrypt this key, and to derive a symmetric key to be used for AES encryption/decryption.
1215

1316
Because the `ic-vetkd-utils` are not yet published as NPM package at [npmjs.com](https://npmjs.com), a respective package file (`ic-vetkd-utils-0.1.0.tgz`) is included in this repository.
1417

15-
---
16-
17-
## Disclaimer
18-
19-
The implementation of [the proposed vetKD system API](https://github.com/dfinity/interface-spec/pull/158) used in this example is **unsafe**, e.g., we hard-code a master secret key, rather than using a master secret key that is distributed among sufficiently many Internet Computer nodes through distributed key generation. **Do not use this in production or for sensitive data**! This example is solely provided **for demonstration purposes** to collect feedback on the mentioned vetKD system API. See also the respective disclaimer [in the system API canister implementation](https://github.com/dfinity/examples/blob/master/rust/vetkd/src/system_api/src/lib.rs#L19-L26).
20-
21-
---
22-
2318
## Prerequisites
2419
- [x] Install the [IC SDK](https://internetcomputer.org/docs/current/developer-docs/getting-started/install).
2520
- [x] Clone the example dapp project: `git clone https://github.com/dfinity/examples`
2621
- [x] Install [Node.js](https://nodejs.org/en/download/).
2722
- [x] Install [Rust](https://www.rust-lang.org/tools/install), and add Wasm as a target (`rustup target add wasm32-unknown-unknown`).
2823

24+
Begin by opening a terminal window.
25+
2926
## Step 1: Setup project environment
3027

3128
Navigate into the folder containing the project's files and start a local instance of the replica with the command:
3229

3330
```sh
3431
cd examples/rust/vetkd
35-
dfx start --clean
32+
dfx start --background --clean
3633
```
3734

38-
## Step 2: Open a new terminal window.
35+
## Step 2: Set up dependencies for a Node.js
3936

40-
## Step 3: Ensure `dfx` uses the canister IDs that are hard-coded in the Rust source code:
41-
42-
```sh
43-
cd examples/rust/vetkd
44-
dfx canister create system_api --specified-id s55qq-oqaaa-aaaaa-aaakq-cai
45-
```
46-
47-
Without this, the `dfx` may use different canister IDs for the `system_api` and `app_backend` canisters in your local environment.
48-
49-
## Step 4: Ensure that the required node modules are available in your project directory, if needed, by running the following command:
37+
Ensure that the required node modules are available in your project directory, if needed, by running the following command:
5038

5139
```sh
5240
npm install
5341
```
5442

55-
## Step 5:. Register, build, and deploy the project:
43+
## Step 3: Register, build, and deploy the project:
5644

5745
```sh
5846
dfx deploy
@@ -63,12 +51,18 @@ This command should finish successfully with output similar to the following one
6351
```sh
6452
Deployed canisters.
6553
URLs:
66-
Frontend canister via browser
67-
app_frontend_js: http://127.0.0.1:4943/?canisterId=by6od-j4aaa-aaaaa-qaadq-cai
68-
Backend canister via Candid interface:
69-
app_backend: http://127.0.0.1:4943/?canisterId=avqkn-guaaa-aaaaa-qaaea-cai&id=tcvdh-niaaa-aaaaa-aaaoa-cai
70-
app_frontend: http://127.0.0.1:4943/?canisterId=avqkn-guaaa-aaaaa-qaaea-cai&id=b77ix-eeaaa-aaaaa-qaada-cai
71-
system_api: http://127.0.0.1:4943/?canisterId=avqkn-guaaa-aaaaa-qaaea-cai&id=s55qq-oqaaa-aaaaa-aaakq-cai
54+
Frontend canister via browser:
55+
app_frontend_js:
56+
- http://xobql-2x777-77774-qaaja-cai.localhost:4943/ (Recommended)
57+
- http://127.0.0.1:4943/?canisterId=xobql-2x777-77774-qaaja-cai (Legacy)
58+
internet_identity:
59+
- http://xjaw7-xp777-77774-qaajq-cai.localhost:4943/ (Recommended)
60+
- http://127.0.0.1:4943/?canisterId=xjaw7-xp777-77774-qaajq-cai (Legacy)
61+
Backend canister via Candid interface:
62+
app_backend: http://127.0.0.1:4943/?canisterId=x4hhs-wh777-77774-qaaka-cai&id=xhc3x-m7777-77774-qaaiq-cai
63+
internet_identity: http://127.0.0.1:4943/?canisterId=x4hhs-wh777-77774-qaaka-cai&id=xjaw7-xp777-77774-qaajq-cai
7264
```
7365

74-
## Step 6: Open the printed URL for the `app_frontend_js` in your browser.
66+
## Step 4: Open frontend
67+
68+
Open the URL for the `app_frontend_js` (printed in the previous step) in your browser.

rust/vetkd/dfx.json

Lines changed: 1 addition & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -1,22 +1,13 @@
11
{
22
"canisters": {
3-
"system_api": {
4-
"candid": "src/system_api/vetkd_system_api.did",
5-
"package": "vetkd_system_api",
6-
"type": "rust"
7-
},
83
"app_backend": {
9-
"dependencies": [
10-
"system_api"
11-
],
124
"candid": "src/app_backend/vetkd_app_backend.did",
135
"package": "vetkd_app_backend",
146
"type": "rust"
157
},
168
"app_frontend_js": {
179
"dependencies": [
18-
"app_backend",
19-
"system_api"
10+
"app_backend"
2011
],
2112
"frontend": {
2213
"entrypoint": "src/app_frontend_js/src/index.html"

0 commit comments

Comments
 (0)