Help user authentication

Hi,
I am developing a web application where user can share data/messages to another user. I am using IPFS to develope this web application.
I have a scenario,
Alice

  1. opens a web page
  2. Alice ipfs-js node is initialized (2 keys are generated)-> private key stored in datastore -> public key (hash/unique id generated by ipfs)

Bob
In order to share link of web app to Bob,

  1. Alice uses Bob’s email
  2. Bob receives Alices email
  3. In email, alice has sent her public key + accpt/reject msg + signature through link
  4. when bob clicks on link web app opens in browser
  5. Bobs js-ipfs node is initialized (2 keys are genrated)
  6. Bob verifies alice using her signature
  7. Bob Accepts msgs and sends his public key + signature + msg accept

Alice

  1. Alice receives Bob’s accept msg + Bob’s pubic key + Bob’s signature
  2. Alice verifies its really Bob(who she sent email invitation)

Alice and Bob

  1. Verification complete
  2. Continues sending data/msg

I am new to working with ipfs-js. I have to explain public/private key exchange scenario to professor and class. I want to know is this scenario is correct/ working.
Help, really appreciated.

Thank you

How is this part being done? How are Alice and Bob talking to each other at this point?

Most of this scenario doesn’t really seem to be IPFS specific. Really you’re using email as the trusted channel for public key exchange/“authentication”, which maybe isn’t the best way for trusted public key exchange.

I did not find any other way to distribute public key. I want to explain the underlying architecture of ipfs. How security is handled in ipfs

A public key can be shared anywhere: blog post, email, printed flyers, etc. It’s just a matter of making sure that the public key corresponds to the individual you want to have encrypted communications with.

Maybe I’m missing something, but the scheme in your original post doesn’t appear to be dependent on IPFS. And it’s not clear how you’re using IPFS for Alice and Bob to communicate (e.g., pubsub, libp2p streams, something else).

IPFS already uses public/private key encryption for communication between nodes. If you’re sure that a node id is controlled by the individual you’re intending to communicate with, then the individual controlling the node should already be authenticated in a sense.

1 Like