- Key derivation: replace random crypto.subtle.generateKey with deterministic
P-256 via @noble/curves/p256 and real Ed25519 did:key generation via
@noble/curves/ed25519 with multicodec prefix + base58btc encoding
- Guardian recovery: wire RecoveryManager to server API (GET/POST/DELETE
/api/guardians) instead of localStorage-only persistence. Server handles
invite emails, client syncs guardian list on load and merges with local
type metadata. verifyGuardian checks actual server acceptance status.
- Notifications dispatch CustomEvents on document for UI integration
- GuardianSetupElement awaits server sync before first render

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Implements the EncryptID identity system for the r-ecosystem:
- WebAuthn/Passkey authentication with PRF extension for key derivation
- Client-side cryptographic key derivation (AES-256, ECDSA P-256, Ed25519)
- Social recovery system with guardians (no seed phrases!)
- Session management with authentication levels
- Cross-app SSO via Related Origin Requests
- Web components: login button and guardian setup panel
- Hono server for authentication endpoints
- Docker deployment configuration

Domain: encryptid.jeffemmett.com
RP ID: jeffemmett.com (for cross-subdomain passkey usage)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
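
The "multicodec prefix + base58btc encoding" step named in the first commit message, written out as an added example; this is not code from these commits or from the EncryptID repository. All function names are hypothetical, the encoder is dependency-free rather than using @noble/curves, and it goes one step past the commit text by also showing the strict decode a verifier would run before trusting a did:key as an Ed25519 key.

```javascript
const ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
const ED25519_PUB = [0xed, 0x01]; // multicodec ed25519-pub (0xed) as an unsigned varint

function base58btcEncode(bytes) {
  let n = 0n;
  for (const b of bytes) n = (n << 8n) | BigInt(b);
  let out = '';
  while (n > 0n) { out = ALPHABET[Number(n % 58n)] + out; n /= 58n; }
  for (const b of bytes) { if (b !== 0) break; out = '1' + out; } // keep leading zero bytes
  return out;
}

function base58btcDecode(text) {
  let n = 0n;
  for (const ch of text) {
    const v = ALPHABET.indexOf(ch);
    if (v < 0) throw new Error('invalid base58btc character');
    n = n * 58n + BigInt(v);
  }
  const out = [];
  while (n > 0n) { out.unshift(Number(n & 0xffn)); n >>= 8n; }
  for (const ch of text) { if (ch !== '1') break; out.unshift(0); } // restore leading zeros
  return Uint8Array.from(out);
}

function ed25519ToDidKey(publicKey) {
  if (publicKey.length !== 32) throw new RangeError('Ed25519 public key must be 32 bytes');
  return 'did:key:z' + base58btcEncode(Uint8Array.from([...ED25519_PUB, ...publicKey]));
}

// Verifier side: accept only multibase 'z' + ed25519-pub prefix + exactly 32 key bytes.
function didKeyToEd25519(did) {
  if (!did.startsWith('did:key:z')) throw new Error('not a base58btc did:key');
  const raw = base58btcDecode(did.slice('did:key:z'.length));
  if (raw.length !== 34 || raw[0] !== 0xed || raw[1] !== 0x01) {
    throw new Error('not an Ed25519 did:key');
  }
  return raw.slice(2);
}

// Constructed sample input: the public key from RFC 8032 section 7.1, test 1.
const SAMPLE_PUB = Uint8Array.from(
  'd75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a'
    .match(/../g).map((h) => parseInt(h, 16)));
const SAMPLE_DID = ed25519ToDidKey(SAMPLE_PUB);
```

Checking the multicodec prefix and the length on decode keeps a key of another type, or a truncated identifier, from being passed to Ed25519 signature verification.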