An HTTP frontend to ERIS

This week I wrote a server for serving ERIS data to naïve HTTP clients.

https://git.sr.ht/~ehmry/eris_utils#erishttpd

The server accepts uploads via HTTP PUT, which can performed by cURL:

curl -i --upload-file test.opus http://[::1]:1024

The server responds with a "Content-Location" header that indicates the URL path for accessing the upload:

HTTP/1.1 200 OK
content-location: /urn:erisx2:AEA5WE6D5A6UHWMNTBSKYS3C62J43EHPDWZS2CANXAHYXYIUBMYPU2J4QLJO22FG2ZZHZB3XM6LTLIZFPWGFOYJLI5DYREY4RQL3DXT5MA
Content-Length: 0

With this the content can be retrieved:

mpv http://[::1]:1024/urn:erisx2:AEA5WE6D5A6UHWMNTBSKYS3C62J43EHPDWZS2CANXAHYXYIUBMYPU2J4QLJO22FG2ZZHZB3XM6LTLIZFPWGFOYJLI5DYREY4RQL3DXT5MA

The implementation of the server makes it a zero-knowledge data-locker. So long as the server is not logging the URNs in requests or responses, the operator of the service is unable to browse the stored content. Clients have no guarantee that they aren't being logged, but the operator can use ignorance to avoid some ethical hazards (do you really want to know what your friends are uploading?).

https://en.wikipedia.org/wiki/Zero-knowledge_service

Implementation

Data that is streamed to the server with a PUT request is segmented into fixed-size blocks (1 or 32KiB). These blocks are hashed to derive a 256-bit encryption key, encrypted using that key, and the ciphertext hashed again to derive a 256-bit block reference. The key and reference of content blocks are stored in fixed-size meta-blocks, which are encrypted in the same manner, and stored within a tree of meta-blocks until a key and reference to a root meta-block is determined. This key and reference forms the ERIS URN which is returned to the client. The server does not retain the key to the root block.

urn:erisx2:[block-size][meta-levels][root-reference][root-key]

ERIS spec

During encoding blocks are stored in a Tkzrzw key-value database file, the key of each stored block is its hash.

Tkrzw: a set of implementations of DBM

When dispatching GET requests the server parses an ERIS URN and loads the meta-blocks from the database, then streams the content-blocks to the client. After streaming is complete the server discards the keys to meta- and content-blocks.

Disadvantages

• The database is append-only, content cannot be removed (or not easily).
• Content with a lost URN is unretrievable.

Future plans

I wrote this server to integrate with an existing web-service, but I also plan to include as a library within a chat-bot for publishing file uploads.

I could write a Gemini server, but I'd rather not deal with TLS at all. The server is intended to operate within private networks or behind proxies and features no transport encryption or authentication.