Author Topic: Chat for HFS.  (Read 5118 times)

Offline username1565

  • Occasional poster
  • *
  • Posts: 31
    • View Profile
Re: Chat for HFS.
« on: July 22, 2018, 05:31:34 PM »
Hello again, @LeoNeeson.
I understand what do you mean about signing message in PGPSuite.
You can sign/verify and encrypt/decrypt the small files, this will be base64 encoded, then.
Also you can do signing+encrypt and decrypt+verify. But yeap, I cann't see there, a readable text.

You cann't get only signed message with readable text there, because as you say, there is using another stansard (keybase.io).
For more secure, result not containing open text, and this is encoded or encrypted and added fingerprint + encoding this.

PGPSuite is based on script kbpgp.js (that means, keybase pgp).
To using openPGP, maybe need to write separate OpenPGP.js library.  ::)
But as you say this already exists, and need to integrate and include this.
Maybe this will be easy, but I don't see, in the Internet,
the working HTML-examples, with included openPGP.js:
Quote
OpenPGP.js v1.6.2, v2.6.2 and the latest v3.1.0
and maybe this project for node.js and need server-side module requirements on the node.

And also, at any time, you can yourself do your own fork of this project on github,
download this, rewrite the souce code, and upload new files to your own public branch.

Also, if you want to generate signature only, without encrypting text message (for emailing as example),
and then check signature (verify this message) with leaving readable message - you can using bitcoin signature tool,
for sign and verify readable messages. Other altcoins keys and address - there is available too!
Signing and verify, for not large files, is available there too (as base64 encoded text).

To use this:
1. Generate your own private key, and get address from this key.
For example, I used the message as passphrase to get priv and compressed vertcoin address in next example.
2. Save private key, and address.
3. Sign text or file by private key. You'll see readable message there.
4. Transfer this to someone else, and this can be verified, and will be still readable (if text).

This seems like pgp signature. My example:
Quote
-----BEGIN BITCOIN SIGNED MESSAGE-----
Blah-blah-blah - this is a readable text.
-----BEGIN SIGNATURE-----
VrrZoy5Dc6tPWib4TmchBgkc87mrAJg8Pd
HyVlWz2WoVWuMq6dh5I/MQSHtE2Up/1t1q4JYKPfqSNfZzYENvELoOZ2qBCrjN0TkmYWtITT/GMTcuqub+uEr0U=
-----END BITCOIN SIGNED MESSAGE-----
You can use the text from this message as passphrase in generator tab,
then get private key, and see the address corresponding to this,
but if you will at first, select in right-side list - Vertcoin.
Address will switch to compressed automatically, because Vertcoin have compressed addresses.

This brainwallet, can be hosted in LAN, using HFS! Code is JS+JQuery only. No any server-side software.
If your IP is static, you can tell in email your own permalink to open for your friends the way to verify signature of your messages.
You can also open the port and using static IP, or DDNS, to make this available from Internet.
And of cource you can using TOR + any tor2web services - without using any unstable DDNS services.

Quote
Back about your chat template, perhaps (to implement private rooms) you can take some ideas for inspiration, by looking this project: ZeroBin (where the server has zero knowledge of the stored data). They use URL Hash to exchange a decryption key (the same way Mega.nz does). But it's only an idea or a suggestion, I don't know if it is feasible to implement.
Zerobin seems nice, like jsfiddle.net, codepen.io
and another sites for sharing code notes.
But in the source code this have index.php.
I don't see database, like MySQL, but PHP is a server-side language.
Maybe this can be re-writed as HFS templates using scripting commands, because HFS not working as PHP-server.
I didn't saw intently this code and don't working with this...

URL Hash implies GET-query to the server, and JS can emulate this, like t-addr converter link or permalink in brainwallet,
but JS cann't responce as server and tell any files - because this is client-side language.
Maybe this is possible to using URL Hash, if keep-alive peer connection will be opened,
like this WebRTC file-sharing, for example.
This working in 2 tabs in Chrome (I don't test it in LAN without Internet)...
You can see random ID for each private rooms, p2p connection and peer exchange services (socket.io, or peer.js)
in the source code.

And still... If by using URL Hash, can be created folders on the HFS server,
then can be available opportunity to use this for create folders,
but not temporary folders, because there is no any option for deletion files and folders for anonymous users
(else backdoor for damage any files from anyone).
And maybe private rooms can be realized, using HFS scripting commands, but as separate template or module for this great portable HFS.
I see this option in chat version from DJ (but there is '...' bug).


Hey, Leo!
You no need to buy or hold any Bitcoins to make digital signature with saving readable text.
As I said, you can using open source brainwallet on client-side, to do signature
for your messages and verify signed messages from anyone.
Here you can see the source code: https://github.com/Taiiwo/bitcoin-signature-tool
And as you can see, this have only JS, CSS, and HTML files. And this project was been forked from brainwallet.
And in my brainwallet (source code here)
there is available to using compressed, and uncompressed private keys and addresses, from any another altcoins.
As you can see, to do signature, need the private key (WIF-format). This is base58Check encoded hex value.
To get this, you can using any 32-byte (256 bit) HEXadecimal string,
as secret exponent in generator tab.
You can encode to hex any text or bits using converter.
Also, your private key can be the sha256 hash from any your own key-file. Bitlength sha256 hash is 32 bytes, 256 bits.

That means you can generate yourself this value, and encode this to base58Check,
then using this to sign and get address for this key,
and then you can using this address as identifier for your signed messages.
No need to buy or hold any bitcoins, or altcoins.
No need to download any software, blockchain, no need to connect the nodes, etc...
Just ECDSA used here on client-site (JS, HTML, CSS), and this seems like PGP messages with readable text.

The simple way to understand the sence for using digital signatures,
is the understanding the sence of asymemtric encryption
(public key - encrypt from anyone, private key - for decrypt for owner public key),
and asymmetric signing (sign using private key by owner the public key, and verify by his public key).


« Last Edit: July 30, 2018, 04:51:33 AM by username1565 »

Follow members gave a thank to your post: