Signed Subspace Key
Signed Subspace Keys (SSKs) are usually for sites that are going to change over time. For example, a website that may need news to be updated or information to be corrected, added or deleted. They work in such a way that someone else can't put up a newer version of your site and pretend it was you who did it. It works by using so you automatically sign your site. Only the person with the secret key can add updated versions of your site to Freenet.
The address of an SSK site looks something like this (the middle has been chopped out so it fits on the page):
The random-looking text in the middle is a pointer to the public key, and also a symmetric key used for privacy. The mysite part is a word chosen by the site creator, and the 4 is the version of the site. The version number is incremented each time you create a new version of the site and insert it into Freenet. We use this approach because it is not currently possible to update data in Freenet, nor is this likely in the near or medium term. Updatable Subspace Keys make this even more transparent to the end user.
Here's an example of an address of a real SSK site in Freenet. It should be a Freenet stress-testing page:
- GB3wuHmtxN2wLc7g4y1ZVydkK6sOT-DuOsUo-eHK35w is the hash of the public key. This part is all that is required to uniquely identify the file (but not decrypt it), so nodes need only store this bit. The actual public key is stored (unencrypted) with the (encrypted) data.
- c63EzO7uBEN0piUbHPkMcJYW7i7cOvG42CM3YDduXDs is the document decryption key. This is only known to clients and not to the nodes storing the data, so nodes cannot decrypt the data they store without the full address.
- AQABAAE is the encryption settings
SSK links have largely been superseded by USK links, which are based on SSKs but try to always retrieve the most up-to-date version of the site.
There are graphical tools like jSite to help you easily add freesites to Freenet, but for pedagogical purposes we will use the telnet interface to show how the process of adding an SSK freesite works step by step.
- Create a sample directory and give it a name like mysite, say, with a few HTML files in it, one called index.html.
- Connect to the telnet interface by entering this at a command line:
telnet localhost 2323
- First we need to generate a cryptographic keypair. This is done randomly each time and produces two keys: one (the private key) for signing the files, and the other (the public key) for verifying the signature. Type:
- This will return two strings of random-looking characters, an Insert URI (the private key for encrypting and signing) and a Request URI (for decrypting and verifying signatures).
Now we want to upload the directory and its contents to Freenet and have a link to be able to retrieve them. Type the following, replacing the "..." in the middle (which we have just done to make this fit on the page) with the full Insert URI:
This should upload the contents of the /path/to/mysite directory to Freenet, with a default file of index.html, and encrypted and signed with the private key we just generated. Be patient, it could take a few minutes. Eventually, it should come back with a message like this (middle bits chopped so it fits on page): URI:
How SSKs work
- The author generates a cryptographic keypair: a private key for signing files and a public key for verifying the signature.
- The author also generates a single symmetric key (one that is used for both encrypting and decrypting).
- When a file is inserted into Freenet, it is encrypted with the symmetric key and signed with the private key. The signature is stored with the file. Nodes don't store the symmetric key, only the public key part of the SSK, as an index to the data. This is so they can plausibly deny knowledge of the data on their node.
- The SSK is made up of a hash of the public key, and the symmetric key. The hash of the public key acts as the index to the data for searching purposes. Also, the actual public key is stored with the data. This is so that Freenet nodes can verify the signature when the SSK file comes into their node, and also so that clients can verify the signature when retrieving the file. The symmetric key is so that clients can decrypt the file.
The gory details: algorithms
- an SSK is 1024 bytes big
- The symmetric encryption key is 256-bit (both key and block size; not strictly AES as AES specifies a 128-bit block size) with (referred to as PCFB in some of the source code for historical reasons).
- Hashes are all .
- The public key encryption is 2048-bit with a 256-bit M (an extension of FIPS-180-2, close to FIPS-180-3).
- All the non-human-readable parts of the SSK are encoded bytes - a pubkey hash (or a privkey for an insert url), a symmetric key, and the extra bytes specifying crypto settings. Note that Freenet uses ~- instead of standard Base64's +/ for 62 and 63, respectfully.
- The last part of the SSK, aka the extra bytes, "
AQABAAE" or similar, indicates which algorithms have been used for the SSK (1, first byte), whether it is a private key (1) or a public key (0) (second byte), the encryption algorithm (2, third byte), and the hash algorithm (1, fourth and fifth bytes).