diff --git a/rfc/0013_Duniter_Encrypted_Wallet_Import_Format.md b/rfc/0013_Duniter_Encrypted_Wallet_Import_Format.md new file mode 100644 index 0000000000000000000000000000000000000000..bf8936d69955bd5f9ee73555e0513d85b56e7248 --- /dev/null +++ b/rfc/0013_Duniter_Encrypted_Wallet_Import_Format.md @@ -0,0 +1,85 @@ +# #13 Duniter Encrypted Wallet Import Format + +```txt +RFC: 13 +Title: Duniter Encrypted Wallet Import Format +Type: Format +Status: WIP +Author: elois <c@elo.tf> +Created: 2020-02-13 +Last edited: 2020-02-13 +License: CC-SA +``` + +## Introduction + +A wallet is a pair of asymmetric keys (a public key + a private key). + +The purpose of this RFC is to define a standard, inter-operable and secure file format for any DUBP wallet. + +[DUBP](https://git.duniter.org/nodes/common/doc/blob/master/rfc/0010_Duniter_Blockchain_Protocol_V12.md) only deals with public keys and signatures. + +A public key is always paired with a private key, which DUBP will never deal with. + +Today DUBP manage only the algorithm ED25519, but in the future DUBP can evolve to manage multiples digital signature algorithms. + +So currently a public key for DUBP is to be understood as an Ed25519 public key. + +## DEWIF format + +DEWIF is an inter-operable and secure file format for any DUBP wallet. + +The official extension is `.dewif`. + +DEWIF format is a text file containing a single base64 string. +This base64 string encodes a sequence of bytes whose structure is defined below. + +## dewif bytes structure + +| version (4 bytes) | encrypted datas (any bytes) | +|:-----------------:|:---------------------------:| + +## encrypted datas + +### v1 + +Symmetric encryption algorithm : aes256 + +Encrypted datas : + +| seed(32 bytes) | public key(32bytes) | +|:--------------:|:-------------------:| +| seed bytes | public key bytes | + +The public key serves as a checksum. To check that the `.duwif` file is not corrupted, simply generate an ed25519 keypair with the seed and check that the obtained public key matches. + +Example 1: + +Seed generated from scrypt with the following parameters: +password: "password" +salt: "salt" +N : 4096 +r: 16 +p: 1 + +```txt +0x000000001 #v1 +0x22a91d9afa1dd13e96cecfa38d3f3655ca2726818ba5aa84e6b7dee1a036fc0f # seed +0xecdaab8f7ea0ea6f4b9f4e930cef2a1bb277736f64c971c43ca5d73cfb4bb80f # public key +``` + +DUWIF base 64 string (with zeroing aes key): + +`AAFTQgEdcnSqvdxZW9Q+37b1RpiC5lsd/kjT01xUq122obU8R2IyyAVqpAsC2s7dwOX9xJ4r9WRnNrcpjLt3Mnq3` + +### v2 + +Symmetric encryption algorithm : aes256 + +Encrypted datas : + +| seed1(32 bytes) | public key1(32bytes) | seed2(32 bytes) | public key2(32bytes) | +|:---------------:|:--------------------:|:---------------:|:--------------------:| +| seed bytes | public key bytes | seed bytes | public key bytes | + +The public key serves as a checksum. To check that the `.duwif` file is not corrupted, simply generate an ed25519 keypair with the seed and check that the obtained public key matches.