Crypton

Giving privacy to the internet

http://crypton.io


WHO AM I ?

Tommy-Carlos Williams


tommy@devgeeks.org

@theRealDevgeeks


http://blog.devgeeks.org

http://github.com/devgeeks

Trigger Warning



Cryptography and JavaScript content

What is Crypton?

Zero-Knowledge framework for JavaScript

https://github.com/spideroak/crypton/


Zero-Knowledge

Server is unaware of the contents it is storing

Done through the use of end to end Cryptography

More users are becoming "privacy aware."


Terrabytes of data being transferred over the internet

What can you store with Crypton?


Containers

JavaScript objects and primitives


Messages

Secure messaging
(Allows user account to request to add a message to the "inbox" of another user account)

Architecture

Security audits and readiness

Crypton is a pre-release project at v0.0.2


However, as of April, 2014 there have been 2 audits. The first one was completed by Least Authority and the second by Leviathan

Crypton is ready for use inside JavaScript runtimes that have solved the 'Code Delivery Problem', or where the client API is packaged and not downloaded each time the application is run.

With that out of the way,

Let's code...

<script src="crypton.js"></script>

Accounts

Creating an account

crypton.generateAcount(username, passphrase, callback)

crypton.host = "crypton.devgeeks.org";
var myApp = {};
var username = 'testuser';
var passphrase = 'pass1234';

crypton.generateAccount(username, passphrase, function(err, account) {
  if (err) {
    // Inform the user, adjust application flow.
    alert(err);
    return;
  }
  // Do something with the returned account, if needed
  myApp.account = account;
});

Authorisation

Authenticating with the server

Zero-knowledge proof

crypton.authorize(username, passphrase, callback)

crypton.authorize(username, passphrase, function(err, session) {
  if (err) {
    alert(err);
    return;
  }
  // Store the authenticated session somewhere
  // necessary for requesting and receiving data
  myApp.session = session;
});

Containers

Data in Crypton is treated as a traditional object database.


Creating a container

session.create(containerName, callback)

myApp.session.create("diary", function(err, container) {
  if (err) {
    alert(err);
    return;
  }
  // `container` is the new container ready to use
  myApp.diary = container;
  // Do something with the container
});

Loading a container

session.load(containerName, callback)

// Existing container, not yet loaded
myApp.session.load("diary", function(err, container) {
  if (err) {
    alert(err);
    return;
  }
  // Do something with the container
  myApp.diary = container;
});

session.load
Will callback with an error if the given containerName does not exist.


session.create
Will create a blank container and save its initial state to the server.

Adding to a container

container.add(key, callback)

myApp.diary.add('entries', function (err) {
  if (err) {
    alert(err);
    return;
  }
  // diary now has an entries object
});

Will callback with an error if "entries" already exists.

Accessing container objects

container.get(key, callback)

// Wrapping in an `add` saves an error check below
myApp.diary.add('entries', function () {
  // worst case scenario: key already exists 
  //    and will not be overwritten
  myApp.diary.get('entries', function (err, entries) {
    if (err) {
      alert(err);
      return;
    }
    myApp.entries = entries;
  });
});

Adding data and saving it

container.save(callback)

var id = "entry-"+Date.now();
var newEntry = {
  id: id,
  title: 'Tonight I used crypto, and I LIKED IT!'
};

myApp.entries[id] = newEntry;
myApp.diary.save(function (err) {
  if (err) {
    // alert the user
    return;
  }
  // update UI, etc
});

Getting it back

container.get(key, callback)

...more of the same

myApp.diary.get('entries', function(err, entries) {
  if (err) {
    alert(err);
    return;
  }
  myApp.entries = entries;
  myApp.allEntries = 
    _.map(myApp.entries, function(entry, key){ return entry; });
  console.log(myApp.allEntries);
});

Bonus points


For extra credit integrate with your favourite MVC framework

In my case, Backbone.js

Encryptr Demo

Thanks!


Feel free to ask me any SpiderOak / Crypton questions you may have as long as they have nothing to do with the actual Cryptography.



Just kidding. *












* I'm totally not kidding...