Migrate Rust vetKD example to use management canister #1144

Merged
merged 5 commits into from
May 15, 2025
1,075 changes: 225 additions & 850 deletions rust/vetkd/Cargo.lock

Large diffs are not rendered by default.

5 changes: 1 addition & 4 deletions rust/vetkd/Cargo.toml
@@ -1,5 +1,2 @@
[workspace]
members = [
"src/system_api",
"src/app_backend",
]
members = ["src/app_backend"]
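Review bot: the resulting workspace manifest is only `[workspace]` plus `members = ["src/app_backend"]`, with no `resolver` key. A virtual workspace falls back to resolver "1" whatever edition its member declares, and cargo warns about that when the member is on edition 2021 or later. Since this file is being rewritten anyway, add `resolver = "2"` under `[workspace]`.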
1 change: 0 additions & 1 deletion rust/vetkd/Makefile
Expand Up @@ -9,7 +9,6 @@ node_modules:
.PHONY: deploy
.SILENT: deploy
deploy: node_modules
dfx canister create system_api --specified-id s55qq-oqaaa-aaaaa-aaakq-cai
dfx deploy

.PHONY: test
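Review bot: after dropping `dfx canister create system_api --specified-id s55qq-oqaaa-aaaaa-aaakq-cai`, the `deploy` target no longer creates a canister at that ID, so any code that still addresses `s55qq-oqaaa-aaaaa-aaakq-cai` would call a canister that does not exist locally. Please confirm there are no remaining references to that ID in the sources this PR keeps.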
58 changes: 26 additions & 32 deletions rust/vetkd/README.md
@@ -1,58 +1,46 @@
# vetKD API
# Basic vetKeys example (Motoko)

This repository provides a canister (`src/system_api`) that offers the vetKD system API proposed in https://github.com/dfinity/interface-spec/pull/158, implemented in an **unsafe** manner **for demonstration purposes**.
This example demonstrates how to use the Internet Computer's **vetKeys** feature to:

Additionally, the repository provides:
1. Derive a (symmetric) cryptographic AES-GCM-256 key *in the user's browser*, and use it there for encryption and decryption.
2. Use identity-based encryption (IBE) to encrypt some plaintext for a particular *principal*, derive a respective decryption key *in the user's browser* for the user that is currently logged in, and use it to decrypt some ciphertext.

* An example app backend canister (`src/app_backend`) implemented in **Rust** that makes use of this system API to provide caller-specific symmetric keys that can be used for AES encryption and decryption.
It includes:

* An example app backend canister (`src/app_backend`) implemented in **Rust** that provides caller-specific symmetric keys that can be used for AES encryption and decryption.

* An example frontend (`src/app_frontend_js`) that uses the backend from Javascript in the browser.

The frontend uses the [ic-vetkd-utils](https://github.com/dfinity/ic/tree/master/packages/ic-vetkd-utils) to create a transport key pair that is used to obtain a verifiably encrypted key from the system API, to decrypt this key, and to derive a symmetric key to be used for AES encryption/decryption.

Because the `ic-vetkd-utils` are not yet published as NPM package at [npmjs.com](https://npmjs.com), a respective package file (`ic-vetkd-utils-0.1.0.tgz`) is included in this repository.

---

## Disclaimer

The implementation of [the proposed vetKD system API](https://github.com/dfinity/interface-spec/pull/158) used in this example is **unsafe**, e.g., we hard-code a master secret key, rather than using a master secret key that is distributed among sufficiently many Internet Computer nodes through distributed key generation. **Do not use this in production or for sensitive data**! This example is solely provided **for demonstration purposes** to collect feedback on the mentioned vetKD system API. See also the respective disclaimer [in the system API canister implementation](https://github.com/dfinity/examples/blob/master/rust/vetkd/src/system_api/src/lib.rs#L19-L26).

---

## Prerequisites
- [x] Install the [IC SDK](https://internetcomputer.org/docs/current/developer-docs/getting-started/install).
- [x] Clone the example dapp project: `git clone https://github.com/dfinity/examples`
- [x] Install [Node.js](https://nodejs.org/en/download/).
- [x] Install [Rust](https://www.rust-lang.org/tools/install), and add Wasm as a target (`rustup target add wasm32-unknown-unknown`).

Begin by opening a terminal window.

## Step 1: Setup project environment

Navigate into the folder containing the project's files and start a local instance of the replica with the command:

```sh
cd examples/rust/vetkd
dfx start --clean
dfx start --background --clean
```

## Step 2: Open a new terminal window.
## Step 2: Set up dependencies for a Node.js

## Step 3: Ensure `dfx` uses the canister IDs that are hard-coded in the Rust source code:

```sh
cd examples/rust/vetkd
dfx canister create system_api --specified-id s55qq-oqaaa-aaaaa-aaakq-cai
```

Without this, the `dfx` may use different canister IDs for the `system_api` and `app_backend` canisters in your local environment.

## Step 4: Ensure that the required node modules are available in your project directory, if needed, by running the following command:
Ensure that the required node modules are available in your project directory, if needed, by running the following command:

```sh
npm install
```

## Step 5:. Register, build, and deploy the project:
## Step 3: Register, build, and deploy the project:

```sh
dfx deploy
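Review bot: the new title `# Basic vetKeys example (Motoko)` does not match this file. The path is `rust/vetkd/README.md` and the "It includes" list still describes the backend as implemented in **Rust**, so the title should say `(Rust)`. In the same hunk, the heading `## Step 2: Set up dependencies for a Node.js` reads as cut off; a heading such as "Install the Node.js dependencies" would fit the `npm install` step below it.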
Expand All @@ -63,12 +51,18 @@ This command should finish successfully with output similar to the following one
```sh
Deployed canisters.
URLs:
Frontend canister via browser
app_frontend_js: http://127.0.0.1:4943/?canisterId=by6od-j4aaa-aaaaa-qaadq-cai
Backend canister via Candid interface:
app_backend: http://127.0.0.1:4943/?canisterId=avqkn-guaaa-aaaaa-qaaea-cai&id=tcvdh-niaaa-aaaaa-aaaoa-cai
app_frontend: http://127.0.0.1:4943/?canisterId=avqkn-guaaa-aaaaa-qaaea-cai&id=b77ix-eeaaa-aaaaa-qaada-cai
system_api: http://127.0.0.1:4943/?canisterId=avqkn-guaaa-aaaaa-qaaea-cai&id=s55qq-oqaaa-aaaaa-aaakq-cai
Frontend canister via browser:
app_frontend_js:
- http://xobql-2x777-77774-qaaja-cai.localhost:4943/ (Recommended)
- http://127.0.0.1:4943/?canisterId=xobql-2x777-77774-qaaja-cai (Legacy)
internet_identity:
- http://xjaw7-xp777-77774-qaajq-cai.localhost:4943/ (Recommended)
- http://127.0.0.1:4943/?canisterId=xjaw7-xp777-77774-qaajq-cai (Legacy)
Backend canister via Candid interface:
app_backend: http://127.0.0.1:4943/?canisterId=x4hhs-wh777-77774-qaaka-cai&id=xhc3x-m7777-77774-qaaiq-cai
internet_identity: http://127.0.0.1:4943/?canisterId=x4hhs-wh777-77774-qaaka-cai&id=xjaw7-xp777-77774-qaajq-cai
```

## Step 6: Open the printed URL for the `app_frontend_js` in your browser.
## Step 4: Open frontend

Open the URL for the `app_frontend_js` (printed in the previous step) in your browser.
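Review bot: Step 4 says to open "the URL" for `app_frontend_js`, but the sample output in this hunk now prints two of them, a `(Recommended)` `*.localhost:4943` form and a `(Legacy)` `?canisterId=` form; name the one the reader should open. The sample output also lists an `internet_identity` canister that the "It includes" list earlier in the README never mentions, so add an entry for it there.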
11 changes: 1 addition & 10 deletions rust/vetkd/dfx.json
@@ -1,22 +1,13 @@
{
"canisters": {
"system_api": {
"candid": "src/system_api/vetkd_system_api.did",
"package": "vetkd_system_api",
"type": "rust"
},
"app_backend": {
"dependencies": [
"system_api"
],
"candid": "src/app_backend/vetkd_app_backend.did",
"package": "vetkd_app_backend",
"type": "rust"
},
"app_frontend_js": {
"dependencies": [
"app_backend",
"system_api"
"app_backend"
],
"frontend": {
"entrypoint": "src/app_frontend_js/src/index.html"