Skip to content

selfup/clandestine

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
config
config
 
 
lib
lib
 
 
test
test
 
 
.formatter.exs
.formatter.exs
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
mix.exs
mix.exs
 
 

Repository files navigation

Clandestine

Your nodes can talk to eachother using :rpc with safer payloads!

Like agents in the field, nodes need to communicate in a cryptic fashion.

At first is was called saferpc but that's not true. It's just safe(r) function arguments 😂

You need to set the enviornment variable RPC_TOKEN prior to using this! 🙏

Make sure you generate a strong secret 🔑

Example use

export RPC_TOKEN=abc123

Then:

secret_list = Clandestine.encrypt("hello world")

Clandestine.decrypt(secret_list)

Use Cases

Built for being used with :rpc. Can be used with distributed Genserver/Node.spawn/Task.async/etc...

Say you have a module on a remote node called foo@example.com:

defmodule Demo do
  def reply(msg) do
    IO.inspect msg
  end

  def reply(:shh, secret) do
    IO.inspect Clandestine.decrypt(secret)
  end
end

Now on a node bar@example.com:

:rpc.call(:foo@example.com, Demo, :reply, ["hello"])

# => "hello"

The argument is not encrypted. You will be sending this plain text over the wire.

Now pattern match the :shh argument, and send over an encrypted payload:

secret = Clandestine.encrypt("hello")

:rpc.call(:foo@example.com, Demo, :reply, [:shh, secret])

# => "hello"

Assuming both nodes share the same ENV variable (RPC_TOKEN), the argument will be encrypted prior to being sent and then decrypted in the response.

Two way encryption

What you really want to do, is encrypt it on its way back to ensure safe travel, and then decrypt it back on your end.

Say you need the other node to do some work with your payload:

defmodule Demo do
  def do_math(secret) do
    num = Clandestine.decrypt(secret)

    result = num + 42

    Clandestine.encrypt(result)
  end
end

Now on the other node requesting work:

base_num = Clandestine.encrypt(9000)

secret = :rpc.call(:name@hostname, Demo, :do_math, [base_num])

IO.inspect Clandestine.decrypt(secret)

# => 9042

Your payloads have been kept secret the whole time 🙏

A -> B

B -> A

Disclaimer

Not really that safe! Only as safe as your key, and the larger the payload the safer the messages.

This is not some fancy algorithm. It's pretty much a cipher that is based on both parties sharing the same secret.

I use it because why not. I would recommend looking up how to set up TLS with :rpc if you need bullet proof data transfer. Or use a VPC for inner node communication.

About

Your arguments are safe with us. Make rpc great again!

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages