Implements paper-key disaster recovery against the v3 registry
schema. Recipient flow:
1. Enumerate blobs in the relay, try age-decrypt each with the
paper key. The first blob that decrypts and parses as a Node
carrying KEY_SLOT_RECOVERY is a vault root (any snap of any
vault for this paper recipient is fine here, we only need it
to bootstrap recovery_secret).
2. Derive vault_id and recovery_signing_key from the recovered
secret (same derivation publish.rs uses).
3. Look up recovery registry entry at (recovery_pubkey, vault_id)
to get the device's signing pubkey.
4. Look up vault registry entry at (device_pubkey, vault_id) to
get the latest TN's encrypted blob hash.
5. Fetch + age-decrypt that TN, verify its KEY_SLOT_RECOVERY
matches what we discovered (substitution defence), restore.
The discover step is O(N) over the relay's blob count. For the M3
demo single-vault case the first hit is typically the encrypted TN
itself; for production-scale relays a registry-keyed discovery
breadcrumb is a follow-up.
Validation:
cargo test --test async_relay
# async_relay_via_remote_store ... ok
The test models the marquee M3 deliverable: device A backs up a
source tree to the relay, A's runtime is dropped (offline
simulation), B starts up with a fresh memory backend + the same
relay store + the shared paper key, RemoteRestore reproduces the
file tree, SHA-256 of every restored file matches the original.
Assisted-by: claude-opus-4-7
Validates the marquee M3 deliverable (async relay mode) end to end.
Implements paper-key disaster recovery against the v3 registry schema. Recipient flow:
1. Enumerate blobs in the relay, age-decrypt each with the paper key. First blob that parses as a `Node` with `KEY_SLOT_RECOVERY` is a vault root, that gives us `recovery_secret`.
2. Derive `vault_id` + `recovery_signing_key`.
3. Look up `(recovery_pubkey, vault_id)` to get the device pubkey.
4. Look up `(device_pubkey, vault_id)` to get the latest TN hash.
5. Fetch + age-decrypt that TN, verify `KEY_SLOT_RECOVERY` matches (substitution defence), restore.

Discover step is O(N) blobs. A registry-keyed breadcrumb to make it O(1) is a follow-up.
Validation
```
cargo test --test async_relay
```

Models device A → relay → device A offline → device B restores. Asserts SHA-256 of every restored file matches the original.
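The five-step recipient flow described in the commit message and the PR body above, written out end to end as an added example. This is not code from this PR or from the project: it runs offline with std only, so `fnv64` stands in for SHA-256 and the blob hash, an XOR keystream plus an 8-byte tag stands in for age (wrong paper key means the blob does not open), and `derive()` is a hypothetical stand-in for the publish.rs derivation. The `Node` wire format, the `Relay` with its two registries, `KEY_SLOT_RECOVERY` as a tag byte and the error names are all assumptions. What it shows beyond the prose: discovery skipping a blob the paper key does not open, and the step-5 check rejecting a vault registry entry that has been repointed at a TN for a different vault encrypted to the same paper key.

```rust
use std::collections::HashMap;
// Offline stand-ins, not secure: fnv64 replaces SHA-256 / the blob hash, and the
// XOR keystream plus 8-byte tag replaces age (wrong key => decryption fails).
fn fnv64(parts: &[&[u8]]) -> u64 {
    let mut h: u64 = 0xcbf29ce484222325;
    for p in parts { for &b in *p { h ^= b as u64; h = h.wrapping_mul(0x100000001b3); } }
    h
}
fn keystream(key: &[u8], len: usize) -> Vec<u8> {
    let mut x = fnv64(&[&b"ks"[..], key]) | 1;
    (0..len).map(|_| { x ^= x << 13; x ^= x >> 7; x ^= x << 17; (x >> 56) as u8 }).collect()
}
fn seal(paper_key: &[u8], pt: &[u8]) -> Vec<u8> {
    let mut ct: Vec<u8> = pt.iter().zip(keystream(paper_key, pt.len())).map(|(a, k)| a ^ k).collect();
    ct.extend_from_slice(&fnv64(&[paper_key, pt]).to_be_bytes());
    ct
}
fn open(paper_key: &[u8], blob: &[u8]) -> Option<Vec<u8>> {
    if blob.len() < 8 { return None; }
    let (ct, tag) = blob.split_at(blob.len() - 8);
    let pt: Vec<u8> = ct.iter().zip(keystream(paper_key, ct.len())).map(|(a, k)| a ^ k).collect();
    let ok = fnv64(&[paper_key, &pt[..]]).to_be_bytes() == tag;
    ok.then_some(pt)
}
const KEY_SLOT_RECOVERY: u8 = 2; // slot tag byte, value assumed for the example
/// A Node as the recipient sees it: the recovery slot plus the serialized tree it carries.
#[derive(Debug, PartialEq)]
struct Node { recovery_secret: [u8; 32], tree: Vec<u8> }
impl Node {
    fn encode(&self) -> Vec<u8> {
        let mut out = b"NODE".to_vec();
        out.push(KEY_SLOT_RECOVERY);
        out.extend_from_slice(&self.recovery_secret);
        out.extend_from_slice(&self.tree);
        out
    }
    /// None unless the plaintext is a Node carrying KEY_SLOT_RECOVERY.
    fn parse(b: &[u8]) -> Option<Node> {
        if b.len() < 37 || &b[..4] != b"NODE" || b[4] != KEY_SLOT_RECOVERY { return None; }
        let mut recovery_secret = [0u8; 32];
        recovery_secret.copy_from_slice(&b[5..37]);
        Some(Node { recovery_secret, tree: b[37..].to_vec() })
    }
}
/// Hypothetical stand-in for the publish.rs derivation: (vault_id, recovery_pubkey).
fn derive(secret: &[u8; 32]) -> (u64, u64) {
    let signing_key = fnv64(&[&b"recovery-sign"[..], &secret[..]]);
    (fnv64(&[&b"vault-id"[..], &secret[..]]), fnv64(&[&b"pub"[..], &signing_key.to_be_bytes()[..]]))
}
#[derive(Default)]
struct Relay {
    blobs: Vec<(u64, Vec<u8>)>,                  // (hash, ciphertext) in enumeration order
    recovery_registry: HashMap<(u64, u64), u64>, // (recovery_pubkey, vault_id) -> device pubkey
    vault_registry: HashMap<(u64, u64), u64>,    // (device_pubkey, vault_id) -> latest TN hash
}
impl Relay {
    fn put(&mut self, blob: Vec<u8>) -> u64 { let h = fnv64(&[&blob[..]]); self.blobs.push((h, blob)); h }
    fn get(&self, h: u64) -> Option<&[u8]> { self.blobs.iter().find(|(x, _)| *x == h).map(|(_, b)| &b[..]) }
}
#[derive(Debug, PartialEq)]
enum RecoverError { NoVaultRoot, NoRecoveryEntry, NoVaultEntry, TnUnreadable, Substituted }
/// Device A: encrypt a TN to the paper key, store it, register it under `device_pubkey`.
fn publish(relay: &mut Relay, paper_key: &[u8], secret: [u8; 32], device_pubkey: u64, tree: Vec<u8>) {
    let (vault_id, recovery_pubkey) = derive(&secret);
    let tn_hash = relay.put(seal(paper_key, &Node { recovery_secret: secret, tree }.encode()));
    relay.recovery_registry.insert((recovery_pubkey, vault_id), device_pubkey);
    relay.vault_registry.insert((device_pubkey, vault_id), tn_hash);
}
/// Device B: the five-step recipient flow, holding nothing but the paper key.
fn recover(relay: &Relay, paper_key: &[u8]) -> Result<Node, RecoverError> {
    // 1. O(N) discovery: the first blob that decrypts and parses as a Node with the slot.
    let root = relay.blobs.iter().find_map(|(_, b)| open(paper_key, b).and_then(|pt| Node::parse(&pt)))
        .ok_or(RecoverError::NoVaultRoot)?;
    // 2. Derive vault_id and the recovery pubkey from the bootstrapped secret.
    let (vault_id, recovery_pubkey) = derive(&root.recovery_secret);
    // 3. Recovery registry -> device signing pubkey.
    let device_pubkey = *relay.recovery_registry.get(&(recovery_pubkey, vault_id)).ok_or(RecoverError::NoRecoveryEntry)?;
    // 4. Vault registry -> latest TN blob hash.
    let tn_hash = *relay.vault_registry.get(&(device_pubkey, vault_id)).ok_or(RecoverError::NoVaultEntry)?;
    // 5. Fetch + decrypt; refuse a TN whose recovery slot differs from the one we bootstrapped from.
    let tn = relay.get(tn_hash).and_then(|b| open(paper_key, b)).and_then(|pt| Node::parse(&pt))
        .ok_or(RecoverError::TnUnreadable)?;
    if tn.recovery_secret != root.recovery_secret { return Err(RecoverError::Substituted); }
    Ok(tn)
}
fn main() {
    let (paper_key, secret) = (&b"paper-key-demo"[..], [7u8; 32]);
    let mut relay = Relay::default();
    relay.put(b"blob for some other recipient".to_vec()); // does not open: skipped by discovery
    let tree = b"src/main.rs\0fn main() {}\n".to_vec();  // constructed stand-in for the serialized tree
    publish(&mut relay, paper_key, secret, 0xA, tree.clone());
    assert_eq!(recover(&relay, paper_key).unwrap().tree, tree);
    // Attacker repoints A's vault entry at a TN for another vault encrypted to the same paper key.
    let foreign = relay.put(seal(paper_key, &Node { recovery_secret: [9u8; 32], tree: vec![] }.encode()));
    relay.vault_registry.insert((0xA, derive(&secret).0), foreign);
    assert_eq!(recover(&relay, paper_key), Err(RecoverError::Substituted));
}
```

Discovery here walks `relay.blobs` in the order the relay enumerates them, which is what makes the step-5 comparison necessary: the root we bootstrapped from and the TN the registries point at are looked up by different keys, so nothing before step 5 ties them to the same vault.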