devteam/sharenet_passport_creator
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
sharenet_passport_creator/README.md
Continuist 8eacf243b2 Add working app
2025-10-03 23:50:15 -04:00

4.9 KiB
Raw History

Sharenet Passport Creator

A secure Rust CLI tool for creating and managing Sharenet Passport files (.spf) for decentralized identity management.

Features

  • = Secure Passport Creation: Generate encrypted .spf files with BIP-39 mnemonic recovery phrases
  • = Ed25519 Key Generation: Cryptographically secure key derivation and signing
  • =<3D> Recovery Support: Import passports from recovery phrases or existing .spf files
  • = Export & Re-encrypt: Export passports with new passwords

 Message Signing: Sign messages using your passport's private key

  • =<3D> Security First: Zeroize memory management and secure file encryption

Installation

# Clone the repository
git clone <repository-url>
cd sharenet_passport_creator

# Build the project
cargo build --release

# Run the CLI
./target/release/sharenet_passport_creator --help

Usage Guide

Creating a New Passport

Create a new Sharenet Passport with a secure recovery phrase:

./target/release/sharenet_passport_creator create my-passport.spf

You'll be prompted to:

  1. Enter an access password (used to encrypt the .spf file)
  2. Confirm the access password

The tool will then:

  • Generate a 24-word BIP-39 recovery phrase
  • Create an Ed25519 key pair
  • Generate a DID (Decentralized Identifier)
  • Save an encrypted .spf file

Important: Store your recovery phrase securely offline! It's the only way to recover your identity if you lose access.

Importing from Recovery Phrase

If you have a 24-word recovery phrase, you can import it to create a new .spf file:

./target/release/sharenet_passport_creator import-recovery recovered-passport.spf

You'll be prompted to:

  1. Enter your 24-word recovery phrase (one word per line)
  2. Set a new access password for the .spf file

Importing from Existing .spf File

Import an existing .spf file (useful for re-encryption or verification):

# Import without re-encryption
./target/release/sharenet_passport_creator import-file existing.spf

# Import and re-encrypt to new file
./target/release/sharenet_passport_creator import-file existing.spf new-passport.spf

You'll be prompted for the access password of the existing file.

Exporting with New Password

Export a passport with a new access password:

./target/release/sharenet_passport_creator export old-passport.spf new-passport.spf

You'll be prompted to:

  1. Enter the current access password
  2. Set a new access password

Viewing Passport Information

Display information about a .spf file:

./target/release/sharenet_passport_creator info my-passport.spf

Shows:

  • DID (Decentralized Identifier)
  • Public Key
  • File location

Signing Messages

Sign a message using your passport's private key:

./target/release/sharenet_passport_creator sign my-passport.spf "Hello, Sharenet!"

Output includes:

  • The original message
  • 64-byte Ed25519 signature (hex encoded)
  • Public key (for verification)

File Format (.spf)

Sharenet Passport Files (.spf) are encrypted containers that store:

  • Encrypted Seed: The master seed encrypted with XChaCha20-Poly1305
  • Public Key: Your Ed25519 public key
  • DID: Your Decentralized Identifier
  • Metadata: Creation timestamp, version, and encryption parameters

Security Features

  • XChaCha20-Poly1305: Authenticated encryption for file security
  • HKDF-SHA256: Key derivation from passwords
  • Zeroize: Secure memory wiping for sensitive data
  • BIP-39: Standard mnemonic generation and validation
  • Ed25519: Cryptographically secure signing

Recovery Phrase Security

Your 24-word recovery phrase is the master key to your identity:

  • <A0> Never store digitally - Write it down on paper
  • = Keep offline - Store in a secure physical location
  • =<3D> Don't share - Anyone with your recovery phrase can control your identity
  • =<3D> Verify accuracy - Double-check all 24 words when writing them down

Development

Running Tests

cargo test

Project Structure

src/
 domain/           # Core entities and traits
 application/      # Use cases and business logic
 infrastructure/   # Crypto and storage implementations
 cli/             # Command-line interface

Architecture

Built with Clean Architecture principles:

  • Domain Layer: Core entities (Passport, RecoveryPhrase, etc.) and traits
  • Application Layer: Use cases (CreatePassport, SignCard, etc.)
  • Infrastructure Layer: Crypto implementations, file storage
  • CLI Layer: User interface and command handling

Security Considerations

  • Passwords are never stored - only used for encryption/decryption
  • Recovery phrases are only displayed during creation
  • Private keys are zeroized from memory when no longer needed
  • All cryptographic operations use industry-standard algorithms

License

[Add appropriate license information]

Contributing

[Add contribution guidelines]