function makeHeader(ids, senderInfo, fileInfo) {
const ephemeral = nacl.box.keyPair()
const header = {
version: 1,
ephemeral: nacl.util.encodeBase64(ephemeral.publicKey),
decryptInfo: {}
}
debug(`Ephemeral public key is ${hex(ephemeral.publicKey)}`)
debug(`Ephemeral secret key is ${hex(ephemeral.secretKey)}`)
for (let id of ids) {
debug(`Adding recipient ${id}`)
const nonce = nacl.randomBytes(24)
const publicKey = keyFromId(id)
debug(`Using nonce ${hex(nonce)}`)
let decryptInfo = {
senderID: senderInfo.id,
recipientID: id,
fileInfo: fileInfo
}
decryptInfo.fileInfo = nacl.util.encodeBase64(nacl.box(
nacl.util.decodeUTF8(JSON.stringify(decryptInfo.fileInfo)),
nonce,
publicKey,
senderInfo.secretKey
))
decryptInfo = nacl.util.encodeBase64(nacl.box(
nacl.util.decodeUTF8(JSON.stringify(decryptInfo)),
nonce,
publicKey,
ephemeral.secretKey
))
header.decryptInfo[nacl.util.encodeBase64(nonce)] = decryptInfo
}
return JSON.stringify(header)
}
.reduce(function(memo, publicKey) {
var nonce = nacl.randomBytes(nacl.box.nonceLength)
memo[nacl.util.encodeBase64(publicKey)] = {
nonce: nacl.util.encodeBase64(nonce),
encryptedKey: nacl.util.encodeBase64(nacl.box(
key,
nonce,
publicKey,
ephemeralKey.secretKey
))
}
return memo
}, {})
permit.build = function() {
var nonce = nacl.randomBytes(nacl.box.nonceLength)
var ephemeralKey = nacl.box.keyPair()
permit.nonce = nonce
permit.ephemeral = ephemeralKey.publicKey
permit.encryptedKey = nacl.box(
permit.databaseKey.secretKey,
nonce,
sessionKey.publicKey,
ephemeralKey.secretKey
)
return permit
}