Degengineering | $DGNGX pfp
Degengineering | $DGNGX
@degengineering.eth
Weeks ago, I said "I am going to build a killer web3 app for businesses". I keep building it day by day. After releasing the alpha version of Web3PGP using @inkonchain testnet (https://w3pgp-8xotd6imh-gbdevws-projects.vercel.app/), I am building the second frontend: Web3UBL. It has an integrated OpenPGP keyring that synchronizes with Web3PGP and can detect whether a public key has been published on Web3PGP or not and whether that published public key has been revoked or not. I must fix some labels: Private keys are always stored encrypted, are only decrypted when needed: The user has the option to store the decrypted key in a in-memory cache with a 5 minutes expiration time in order to not have to provide the password each time the private key has to be used by the application (balance between security and convenience: do not keep a decrypted key in memory too long). I must add a export/import feature which export/import (and merge) the whole keyring as a collection of OpenPGP armored messages (.asc).
1 reply
0 recast
1 reaction
Degengineering | $DGNGX pfp
Degengineering | $DGNGX
@degengineering.eth
Security best practices are recommended/enforced when it comes to generating a private key (recommend ECC, RSA4096 or no RSA). Private key encryption with a passphrase is mandatory with a relatively medium password policy.
1 reply
0 recast
1 reaction
Degengineering | $DGNGX pfp
Degengineering | $DGNGX
@degengineering.eth
Finally, there is an easy interface to import keys from files or armored text or ... directly from Web3PGP (public keys only)
1 reply
0 recast
1 reaction
Degengineering | $DGNGX pfp
Degengineering | $DGNGX
@degengineering.eth
Next? I must refactor a bit the code to make a better use of the internal event bus which synchronizes data and UI based on blockchain events. Then? I'll build the main feature: a inbox/spam/sent box for electornic invoices and a button to publish encrytped invoices on-chain: users will be able to choose which private key they use to sign and which public key they use to encrypt the invoice before posting it onchain and notify the destinators 😉
0 reply
0 recast
2 reactions