Node encryption and authentication
When sending messages to threshold signature servers on the Entropy network, you must authenticate and encrypt the messages.
The authentication process is simple: each node has a substrate account stored on the chain, referred to as a TSS account.
Messages are signed using SR25519. Encryption requires an X25519 public key, which is used for Hybrid Public Key Encryption (HPKE) via the hpke-rs crate.
By combining the two, we can generate an EncryptedSignedMessage. JavaScript bindings for creating these are available in the entropy-protocol-nodejs and entropy-protocol-web modules.
The concept is simple:
- Whenever you need to authenticate a party, you use a substrate key that is associated with them, whether it's a user submitting an extrinsic or a node with a TSS account.
- When encrypting a message (only when communicating with nodes), you use their public key to create an encrypted message using HPKE.
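The sign-then-encrypt flow described above, as an added Node.js example (not Entropy's code, bindings, or wire format). It shows why the recipient must check the signature against the expected account key after decrypting. Assumptions: Ed25519 stands in for SR25519, a simplified ephemeral X25519 + HKDF + ChaCha20-Poly1305 construction stands in for HPKE, and all function names and the message layout are hypothetical.

```javascript
// Added illustration, not Entropy's implementation or message format.
// Assumptions: Ed25519 replaces SR25519; HPKE is replaced by a simplified
// ephemeral-static X25519 + HKDF-SHA256 + ChaCha20-Poly1305 construction.
const nodeCrypto = require('node:crypto');

const INFO = Buffer.from('example-sign-then-encrypt-v1'); // hypothetical context label
const spki = (pub) => pub.export({ type: 'spki', format: 'der' });

function deriveKey(shared, ephPubDer, recipientPubDer) {
  // Bind the key to both public keys so it is specific to this sender/recipient pair.
  const salt = Buffer.concat([ephPubDer, recipientPubDer]);
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, salt, INFO, 32));
}

function signAndEncrypt(plaintext, senderSigningKey, recipientX25519Pub) {
  const signature = nodeCrypto.sign(null, plaintext, senderSigningKey); // 64 bytes
  const eph = nodeCrypto.generateKeyPairSync('x25519'); // fresh key pair per message
  const ephPubDer = spki(eph.publicKey);
  const shared = nodeCrypto.diffieHellman({ privateKey: eph.privateKey, publicKey: recipientX25519Pub });
  const key = deriveKey(shared, ephPubDer, spki(recipientX25519Pub));
  const nonce = Buffer.alloc(12); // the derived key is single-use, so a fixed nonce is safe
  const cipher = nodeCrypto.createCipheriv('chacha20-poly1305', key, nonce, { authTagLength: 16 });
  const ct = Buffer.concat([cipher.update(Buffer.concat([signature, plaintext])), cipher.final()]);
  return { ephPubDer, ct, tag: cipher.getAuthTag() };
}

function decryptAndVerify(msg, recipientPriv, recipientPub, expectedSenderPub) {
  const ephPub = nodeCrypto.createPublicKey({ key: msg.ephPubDer, format: 'der', type: 'spki' });
  const shared = nodeCrypto.diffieHellman({ privateKey: recipientPriv, publicKey: ephPub });
  const key = deriveKey(shared, msg.ephPubDer, spki(recipientPub));
  const d = nodeCrypto.createDecipheriv('chacha20-poly1305', key, Buffer.alloc(12), { authTagLength: 16 });
  d.setAuthTag(msg.tag);
  const inner = Buffer.concat([d.update(msg.ct), d.final()]); // throws if ciphertext was modified
  const signature = inner.subarray(0, 64);
  const plaintext = inner.subarray(64);
  // Anyone can encrypt to a public key; only the signature identifies the sender.
  if (!nodeCrypto.verify(null, plaintext, expectedSenderPub, signature)) {
    throw new Error('signature does not match expected sender');
  }
  return plaintext;
}
```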