cardano-foundation · rphair · Jan 17, 2023 · Dec 8, 2022 · Dec 8, 2022 · Dec 8, 2022
diff --git a/CIP-????/README.md b/CIP-????/README.md
diff --git a/CIP-????/codesamples/democode-BASH.sh b/CIP-????/codesamples/democode-BASH.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+# --------------------------------------------------------------------------------------------
+# Demonstration implementation of CIP-0020 Transaction Messages Encryption/Decryption via BASH
+# --------------------------------------------------------------------------------------------
+
+#Setting default passphrase
+passphrase="cardano"
+
+
+#Unencrypted Metadata JSON
+echo "Normal unencrpted messages metadata JSON:"
+cat normal-message-metadata.json | jq
+echo
+
+
+#Encrypt the msg array from the JSON
+encrText=$(jq -crM .\"674\".msg normal-message-metadata.json | openssl enc -e -aes-256-cbc -pbkdf2 -iter 10000 -a -k "${passphrase}")
+echo "Encrypted Strings (base64 format):"
+echo "${encrText}"
+echo
+
+
+#Compose it into a new JSON and add the 'enc' entry
+echo "New encrypted messages metadata JSON:"
+jq ".\"674\".msg = [ $(awk {'print "\""$1"\","'} <<< ${encrText} | sed '$ s/.$//') ]" <<< '{"674":{"enc":"basic"}}' | jq
+
+
+echo
+echo "----------------------"
+echo
+
+
+#Encrypted Metadata JSON
+echo "Encrypted messages metadata JSON:"
+cat encrypted-message-metadata.json | jq
+echo
+
+
+#Decrypt the msg array from the JSON
+decrText=$(jq -crM ".\"674\".msg[]" encrypted-message-metadata.json | openssl enc -d -aes-256-cbc -pbkdf2 -iter 10000 -a -k "${passphrase}")
+echo "Decrypted Content:"
+echo "${decrText}"
+echo
+
+
+#Compose it into a new JSON in the standard message format
+echo "New messages metadata JSON:"
+jq ".\"674\".msg = ${decrText}" <<< "{}"
+echo
diff --git a/CIP-????/codesamples/democode-NODEJS.js b/CIP-????/codesamples/democode-NODEJS.js
@@ -0,0 +1,97 @@
+// -----------------------------------------------------------------------------------------------
+// Demonstration implementation of CIP-0020 Transaction Messages Encryption/Decryption via NODE-JS
+// -----------------------------------------------------------------------------------------------
+
+const crypto = require('crypto');
+
+//
+// Calculate the KeyIV via the PasswordBasedKeyDerivedFormat2 pbkdf2 method, 10000 iterations, 48 bytes long, sha256
+//
+function calc_KeyIV(passphrase, salt) { //passphrase as utf8 string, salt as hexstring
+	const key_IV = crypto.pbkdf2Sync(Buffer.from(passphrase,'utf8'), Buffer.from(salt,'hex'), 10000, 48, 'sha256').toString('hex')
+	console.log(`              keyIV: ${key_IV}`);
+	return key_IV;  //hex-string
+}
+
+//
+// Encryption Function
+//
+function encryptCardanoMessage(decrypted_msg, passphrase = 'cardano') { //decrypted_msg as utf8 string, passphrase as utf8 string(defaults to cardano)
+	//Encrypted Message (salted) looks like 'Salted__' + 8 bytes salt + cyphertext
+	//Build up the encrypted Message as hex string
+	var encrypted_hex = Buffer.from('Salted__','utf8').toString('hex');
+	//Generate the random salt
+	var salt = crypto.randomBytes(8).toString('hex');
+	encrypted_hex += salt; //append the salt
+	console.log(`               salt: ${salt}`);
+	//Calculate the Key+IV
+	var keyIV = calc_KeyIV(passphrase, salt)
+	//The key itself is the first 32 Bytes (char 0-64 in hex string)
+	var key = keyIV.substring(0,64);
+	//The IV (initialization vector) is 16 Bytes and follows the key
+	var iv = keyIV.substring(64);
+	console.log(`                key: ${key}`);
+	console.log(`                 iv: ${iv}`);
+	//Encrypt the message
+  	const cipher = crypto.createCipheriv('aes-256-cbc', Buffer.from(key,'hex'), Buffer.from(iv,'hex'));
+	try {
+		var cyphertext = cipher.update(decrypted_msg, 'utf8', 'hex') + cipher.final('hex');
+	} catch (error) { console.error(`Could not encrypt the message\n${error}`); process.exit(1); }
+	console.log(`         cyphertext: ${cyphertext}`);
+	encrypted_hex += cyphertext; //append the cyphertext
+	console.log(`   Enc-Message(hex): ${encrypted_hex}`);
+	return Buffer.from(encrypted_hex,'hex').toString('base64'); //base64 string
+}
+
+
+//
+// Decryption Function
+//
+function decryptCardanoMessage(encrypted_msg, passphrase = 'cardano') { //encrypted_msg as base64 string, passphrase as utf8 string(defaults to cardano)
+	//Encrypted Message is base64 encoded, convert it to hex
+	const encrypted_hex = Buffer.from(encrypted_msg, 'base64').toString('hex');
+	console.log(`   Enc-Message(hex): ${encrypted_hex}`);
+	//Encrypted Message (salted) looks like 'Salted__' + 8 bytes salt + cyphertext
+	//Salt is byte 9-16 in the Encrypted Message (char 16-32 in a hex string)
+	var salt = encrypted_hex.substring(16,32);
+	console.log(`               salt: ${salt}`);
+	//Cyphertext is all the rest after the salt (starting with char 32 in a hex string)
+	var cyphertext = encrypted_hex.substring(32);
+	console.log(`         cyphertext: ${cyphertext}`);
+	//Calculate the Key+IV
+	var keyIV = calc_KeyIV(passphrase, salt)
+	//The key itself is the first 32 Bytes (char 0-64 in hex string)
+	var key = keyIV.substring(0,64);
+	//The IV (initialization vector) is 16 Bytes and follows the key
+	var iv = keyIV.substring(64);
+	console.log(`                key: ${key}`);
+	console.log(`                 iv: ${iv}`);
+	//Decrypt the cyphertext with the key and the iv
+	const decipher = crypto.createDecipheriv('aes-256-cbc', Buffer.from(key,'hex'), Buffer.from(iv,'hex'));
+	try {
+		var decr_msg = decipher.update(cyphertext, 'hex').toString('utf8') + decipher.final('utf8');
+	} catch (error) { console.error(`Could not decrypt the message\n${error}`); process.exit(1); }
+	return decr_msg; //utf8
+}
+
+//-------------------------
+// DEMO Encrypt and Decrypt
+//-------------------------
+
+const passphrase = 'cardano'; //Using default passphrase 'cardano'
+
+// Encryption
+console.log(`--- Encryption ---`);
+var decrypted_msg = 'Hi, this is a test-message. Best regards, Martin';
+console.log(`  Dec-Message(utf8): ${decrypted_msg}`)
+var encrypted_msg = encryptCardanoMessage(decrypted_msg, passphrase);
+console.log(`Enc-Message(base64): ${encrypted_msg}`);
+console.log(`\n\n`);
+
+// Decryption
+console.log(`--- Decryption ---`);
+var encrypted_msg = 'U2FsdGVkX18UshV/vpKWoYtutcS2efoloN+okKMY+pYdvUnqi88znUhHPxSSX8t4';
+console.log(`Enc-Message(base64): ${encrypted_msg}`);
+var decrypted_msg = decryptCardanoMessage(encrypted_msg, passphrase);
+console.log(`  Dec-Message(utf8): ${decrypted_msg}`)
+console.log(`\n\n`);
diff --git a/CIP-????/codesamples/democode-PHP.php b/CIP-????/codesamples/democode-PHP.php
@@ -0,0 +1,88 @@
+// ------------------------------------------------------------------------------------------
+// Demonstration implementation of CIP-0020 Transaction Messages Encryption/Decryption via PHP
+// ------------------------------------------------------------------------------------------
+
+<?php
+
+const debug = true;
+
+function elapsedTime($start) {
+    $elapsed = microtime(true) - $start;
+    if ($elapsed < 1) {
+        return ($elapsed * 1000) . " milliseconds";
+    } else if ($elapsed > 60) {
+        return ($elapsed / 60) . " minutes";
+    } else {
+        return $elapsed . " seconds";
+    }
+}
+
+function getPbkdf2($password, $salt, $iterations) {
+    return openssl_pbkdf2($password, $salt, 48, $iterations, 'sha256');
+}
+
+function encryptCardanoMessage($msg, $password = 'cardano', $iterations = 10000) {
+    if (debug) {
+        $start = microtime(true);
+    }
+    $salt          = openssl_random_pseudo_bytes(8);
+    $encryptedText = "Salted__" . $salt;
+
+    $keyIV = getPbkdf2($password, $salt, $iterations);
+    $key   = substr($keyIV, 0, 32);
+    $iv    = substr($keyIV, 32);
+
+    $encryptedText       .= openssl_encrypt($msg, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
+    $hashedEncryptedText = base64_encode($encryptedText);
+
+    if (debug) {
+        echo "Done encrypting message in " . elapsedTime($start) . "\r\n";
+    }
+
+    return $hashedEncryptedText;
+}
+
+function decryptCardanoMessage($msg, $password = 'cardano', $iterations = 10000) {
+    if (debug) {
+        $start = microtime(true);
+    }
+
+    $encryptedText = base64_decode($msg);
+    $salt          = substr($encryptedText, 8, 8);
+    $cyphertext    = substr($encryptedText, 16);
+
+    $keyIV = getPbkdf2($password, $salt, $iterations);
+    $key   = substr($keyIV, 0, 32);
+    $iv    = substr($keyIV, 32);
+
+    $decrypted = openssl_decrypt($cyphertext, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
+
+    if (debug) {
+        echo "Done decrypting message in " . elapsedTime($start) . "\r\n";
+    }
+
+    return $decrypted;
+}
+
+$payload = "Testing message signing...";
+
+// Basic signed/encrypted message w/ default password of "cardano"
+$signed = encryptCardanoMessage($payload);
+
+// Basic signed/encrypted message w/ custom password
+$passwordSigned = encryptCardanoMessage($payload, "You'll never guess it!");
+
+// Basic signed/encrypted message w/ custom password and fewer iterations
+$shortPasswordSigned = encryptCardanoMessage($payload, "Please", 20);
+
+// Basic decoding w/ default password of "cardano"
+$unsigned = decryptCardanoMessage($signed);
+echo "\$signed is: {$unsigned}\r\n";
+
+// Basic decoding w/ custom password
+$unsignedPassword = decryptCardanoMessage($passwordSigned, "You'll never guess it!");
+echo "\$passwordSigned is: {$unsignedPassword}\r\n";
+
+// Basic decoding w/ custom password and fewer iterations
+$shortUnsigned = decryptCardanoMessage($shortPasswordSigned, "Please", 20);
+echo "\$shortPasswordSigned is: {$shortUnsigned}\r\n";
diff --git a/CIP-????/codesamples/democode-WEB.js b/CIP-????/codesamples/democode-WEB.js
@@ -0,0 +1,42 @@
+// -----------------------------------------------------------------------------------------------
+// Democode for running a Decryption on the Web Frontend - Method BASIC
+// -----------------------------------------------------------------------------------------------
+
+// Library that is used for this codesample: https://www.npmjs.com/package/crypto-js
+// Just import it before using this code
+
+let encrypted = "U2FsdGVkX18IJMMB5MDfNmuvvlbu4m5ODGmCrHHtWfYKarTRT4/x790+uhsj7cgRxDFvjxU7dcSPqH5PAXvRtPcaRyqoYBaXOQbm3D78wQCY4wCiLF1/mFOvFHPfpQHeC9jykRfpaVC3rtlJdHCPTw=="
+let encryptedWA = cryptoJS.enc.Base64.parse(encrypted);
+
+// Split the encrypted data into the individual pieces
+let prefixWA = cryptoJS.lib.WordArray.create(encryptedWA.words.slice(0, 8/4)); // Salted__ prefix
+let saltWA = cryptoJS.lib.WordArray.create(encryptedWA.words.slice(8/4, 16/4)); // 8 bytes salt: 0x0123456789ABCDEF
+let ciphertextWA = cryptoJS.lib.WordArray.create(encryptedWA.words.slice(16/4, encryptedWA.words.length)); // ciphertext        
+
+// Determine key and IV using PBKDF2
+let password = 'cardano'
+let keyIvWA = cryptoJS.PBKDF2(
+  password, 
+  saltWA, 
+    {
+      keySize: (32+16)/4, // key and IV
+      iterations: 10000,
+      hasher: cryptoJS.algo.SHA256
+    }
+);
+let keyWA = cryptoJS.lib.WordArray.create(keyIvWA.words.slice(0, 32/4));
+let ivWA = cryptoJS.lib.WordArray.create(keyIvWA.words.slice(32/4, (32+16)/4));
+
+// Decrypt the data
+let decryptedWA = cryptoJS.AES.decrypt(
+  {
+    ciphertext: ciphertextWA}, 
+                keyWA, 
+                {iv: ivWA}
+);
+let decrypted = decryptedWA.toString(cryptoJS.enc.Utf8)
+
+console.log(`Encrypted Data:`)
+console.log(encrypted)
+console.log(`Decrypted Data:`)
+console.log(decrypted)
diff --git a/CIP-????/codesamples/encrypted-message-metadata.json b/CIP-????/codesamples/encrypted-message-metadata.json
@@ -0,0 +1,11 @@
+{ 
+  "674":
+         { 
+           "enc": "basic",
+           "msg": 
+                 [ 
+                   "U2FsdGVkX1/5Y0A7l8xK686rvLsmPviTlna2n3P/ADNm89Ynr1UPZ/Q6bynbe28Y",
+                   "/zWYOB9PAGt+bq1L0z/W2LNHe92HTN/Fwz16aHa98TOsgM3q8tAR4NSqrLZVu1H7"
+                 ]
+         }
+}
diff --git a/CIP-????/codesamples/normal-message-metadata.json b/CIP-????/codesamples/normal-message-metadata.json
@@ -0,0 +1,5 @@
+{
+  "674": {
+    "msg": ["Invoice-No: 123456789","Order-No: 7654321","Email: john@doe.com"]
+  }
+}