0.6.0 |
|
---|---|
0.5.0 |
|
0.4.0 |
|
0.3.6 |
|
0.2.1 |
|
#15 in #tss
33 downloads per month
50KB
880 lines
Hazmat
DO NOT use this in production without end-to-end encryption as it is vulnerable to a MITM attack if the server is compromised.
Instead you can should use a framework with end-to-end encryption.
About
Experimental websocket server for MPC key generation and signing using JSON-RPC.
The library has been designed so that the messages transferred between parties are only stored in memory for the shortest lifetime; that is just enough time to extract the required routing information to be able to handle the message.
Auditors will want to pay particular attention to the handling
of the SESSION_MESSAGE
and NOTIFY_PROPOSAL
methods which
are sensitive for security and privacy reasons.
By looking at the source for Group, Session and State structs auditors can verify that no sensitive information is stored in the server state.
A session may have associated data in it's value
which is
public information that can be shared between clients; the value
may be set by the session owner when the session is created and
later retrieved by other clients when they join the session.
The associated session data is typically used by signing sessions to indicate the message or transaction that will be signed.
Dependencies
~14–24MB
~347K SLoC