How to get the decrypt data from other user using GunDB

Question

I gave a try to .secret() and .trust() of gun.user though, there are unexpected results. How could I get the data from other users in order to access control in the application? as well as I need to know how to decrypt data without the error message, 'Could not decrypt'.

• node 10.16.0
• gun 0.2019.515
• chrome 74.0.3729.169

There are User03 and User01 in left and right. My goal of this test is User01 to get User03's secret data.

1. Put data under the User03 and check the data on both consoles.

S.user.get('test').put('come on'); // on left console as user03

S.user.get('test').once(console.log); // on left console as user03
user03.get('test').once(console.log); // on right console as user01

2. Let User03 .trust() User01 on left side.

S.user.get('test').trust( user01 ); // left

3. Make User03's data secret using User03's pair.

S.user.get('test').secret( S.user.pair ); //left

4. Check the encrypt data on both sides.

S.user.get('test').once(console.log); // on left console as user03
user03.get('test').once(console.log); // on right console as user01

5. Decrypt user03's secret using user01's pair on the right.

it gets the error message, 'Could not decrypt'.

user03.get('test').once((data)=>{
    SEA.decrypt(data, S.user.pair, console.log);
});; // right

6. Check the inside the return object of STEP 5.

I expect the output 'come on' as decrypted data.

Answer 1

@huhsame , sorry for the delay on answering this. (For urgent matters, please tag me on Twitter or in the Gitter)

The main issue is that User.trust and User.secret are currently (August 2019) unstable alpha API methods.

We however have a stable production-ready lower-level API you can use instead, called SEA.

Here is a complete example of how to do what you want:

var alice = await SEA.pair();
var bob = await SEA.pair();
var enc = await SEA.encrypt('shared data', await SEA.secret(bob.epub, alice));
await SEA.decrypt(enc, await SEA.secret(alice.epub, bob));

This is what GUN and the User API methods use underneath.

You see that alice and bob are the same keypairs (pub & priv of ECDSA & ECDH) behind the gun.user(ecdsaPubKey) lookups you've probably already done.

await SEA.secret(ecdhPubKey, alice) gets a common shared secret between your target user's public key (their ECDH pubkey, not ECDSA) and "yourself" (Alice). How this is done is famously described with mixing colors.

Then .encrypt( and .decrypt( do what you'd expect, as long as the have the same "passcode" (the 2nd parameter), which is gotten by deriving the common secret of two users, which gives the same output even in the reverse direction (Bob, the target user, passing his keypair as "you", and Alice's ECDH pubkey as 1st parameter into secret).

Hopefully this will buy you time, doing it yourself, until the User.trust and User.secret (in contrast to SEA.secret which works already) higher-level convenience methods are ready.