Exchanging Encrypted Data on Blockchain Using MetaMask | by Břetislav Hájek | Mar, 2022

Tutorial on the way to use native MetaMask encryption-decryption capabilities

Each Ethereum account is related to personal/public key pair. A pure query is the way to use these keys for encrypting knowledge? Does MetaMask help encryption? This tutorial will present a user-friendly approach to make use of MetaMask to change encrypted messages on a blockchain.

All through this tutorial, I’m utilizing TypeScript notation as a result of I believe it helps perceive what’s happening. Please take away the kinds from the code should you use JavaScript.

When growing our newest mission FELToken — a instrument for decentralized privacy-preserving machine studying — we would have liked to change knowledge solely between concrete accounts on blockchain. Each account is related to key pair, which main objective is for signing transactions. Nevertheless, it may be used for encryption as properly. The one difficulty is that customers’ wallets often deal with these keys, and asking customers to repeat their personal keys is horrible. Utilizing capabilities supplied by the pockets is a a lot cleaner resolution.

Right here is only a fast overview of public-key cryptography. The core thought is that you’ve got private and non-private keys linked by some mathematical properties. In the event you encrypt a message with the general public key, solely the personal key can decrypt it. This implies which you can share the general public key with different folks. They’ll then use it for encrypting messages which solely you possibly can decrypt. Furthermore, encryption works the opposite approach spherical, generally used for signing messages.

Fundamental uneven encryption scheme

Important for us is that if Alice desires to ship a secret message to Bob, it requires the next steps:

  1. Bob sends Alice his public key
  2. Alice encrypts the message utilizing Bob’s public key
  3. Alice sends the encrypted message to Bob
  4. Bob decrypts the message utilizing his personal key

Cryptography is a vital a part of the net, whatever the quantity, and in my view, each developer ought to know at the least the fundamentals of cryptography. For extra sensible information, I like to recommend the next e-book:

Fortunately, there’s a native decryption perform inside MetaMask. Alternatively, the encryption mechanism isn’t standardised, so this perform most definitely isn’t supported by different wallets. No matter that, let’s take a look at the MetaMask decryption in additional element.

Most details about this perform is supplied within the MetaMask documentation:

I’ll point out this later as properly, however documentation skipped the truth that the decryption works provided that the plain textual content accommodates legitimate UTF-8. It received’t work for arbitrary bytes sequences!

1. Bob sends Alice his public key

Step one is to acquire Bob’s public key and ship it to Alice. This key’s essential for encryption, and it may be publicly shared. In truth, you share this key with each blockchain transaction you ship. You would possibly already know that the account handle isn’t the identical as the general public key. The handle is calculated as a hash of the general public key, making it inconceivable to simply calculate the general public key solely based mostly on consumer handle (unlucky choice, in my view).

We first must request a public key from MetaMask. We are able to use perform eth_getEncryptionPublicKey supplied by MetaMask. Utilizing this perform is comparatively simple; simply move the account handle. The app should have entry to a specified account; passing a random account will fail.

Discover: MetaMask robotically injects the window.ethereum object to web sites. In the event you use some library for speaking with MataMask, you would possibly must entry this object in another way (the request half would be the identical).

Now that you’ve got the general public key, you possibly can ship it to Alice so she will be able to use it for encryption. The excellent news is that the general public key suits into bytes32 variable; therefore you possibly can simply move it to sensible contracts. Or you should utilize another approach for exchanging the general public key.

2. Alice encrypts the message utilizing Bob’s public key

As soon as we’ve got the general public key, we are able to proceed with encrypting the message. You have to to put in a package deal from MetaMask:@metamask/eth-sig-util that gives the encryption perform. Then for encrypting knowledge supplied as Buffer, we use the next perform (public key’s identical as obtained within the earlier step):

Essential: MetaMask decrypts solely legitimate UTF-8 sequences, so if you wish to ship arbitrary bytes, you need to first encode it utilizing one thing like base64. I’m utilizing base85 supplied by ascii85 package deal. I attempted to save lots of as a lot house as doable since we’re storing the encrypted knowledge in a wise contract.

3. Alice sends the encrypted message to Bob

The change of encrypted messages is as much as you. We’re utilizing a wise contract for storing and exchanging encrypted messages. In your sensible contract, you’ll most likely use bytes sort for storing the encrypted message. We’re additionally utilizing ethers.js package deal for interacting with the sensible contract, which requires sort quantity[] when sending knowledge to bytes argument. If you wish to do the identical, you possibly can convert the buffer to quantity[] sort as:

numberArray = buffer.toJSON().knowledge;

4. Bob decrypts the message utilizing his personal key

Lastly, when Bob receives the encrypted knowledge, he can reconstruct the unique object and request MetaMask to decrypt it for him. All that’s completed utilizing the next perform (knowledge buffer is the buffer outputted by the encryption perform):

By way of consumer expertise, the MetaMask decryption perform is kind of handy. It fully hides the personal key from the appliance. Furthermore, a consumer doesn’t must deal with the personal key manually. The one draw back is the pop-up window that at all times asks for consumer approval for decryption.

Now we had been within the scenario the place we would have liked to work together with the sensible contract utilizing Python as properly. We’d like matching encryption/decryption capabilities applied in Python in such a case. You have to to put in PyNaCl, which supplies each encryption and decryption capabilities. Then you should utilize the next code:

I received’t go an excessive amount of into the technical particulars of the encryption course of. The essential half is that the bytes sequences produced by these capabilities would be the identical because the buffers from JavaScript implementation. Be happy to ask within the feedback if you would like a greater clarification of the encryption mechanism.

I hope folks will begin utilizing this encryption mechanism extra, forcing some standardization throughout the wallets. I attempted to not complain an excessive amount of all through the tutorial, however the present state is actually a large number. Some design selections strike me each time I’ve to take care of them. I assume we’ve got to make this sacrifice for a user-friendly interplay.

Anyhow should you appreciated the article, take into account following me and FELToken. There will probably be extra articles about Web3 improvement.

More Posts