Lighthouse
  • 👋Introduction
  • Quick Start
  • How To
    • 🔑Create an API Key
    • 🔼Upload Data
      • 📁File
      • 🔤Text/JSON
      • 🔀Buffer
    • 🔒Upload Encrypted Data
      • 📁File
      • 🔤Text/JSON
      • 🔐Encryption Authentication
        • 📝Method 1: Signed Message
        • ⚕️Method 2: JWT
        • 📲Method 3: Passkey
    • Encryption Features
      • 👯Share File
      • ❌Revoke Access
      • 🔑Check Access Conditions
      • 🚪Token Gating
      • Chains Supported
      • 📃Access Control Conditions
      • 🔓Decrypt File
        • 🌐Browser Decrypt File
        • 💻NodeJS Decrypt File
      • 🚪Access control with zkTLS
      • 👬Account Delegation Tutorial
    • 📂List Files
    • 💁File Info
    • 💰Get Balance
    • 🔁Retrieve File
    • 💾Check for Filecoin Deals
    • 🔄IPNS - Handle Mutable Data
    • 📦Migrate Files
    • 📌Pin CID
    • 💸Pay per use
    • Resize Image
    • 💻Use CLI Tools
  • zkTLS
  • 🤝Account Delegation
  • 💾Filecoin First
    • Usage
    • 💰Pay Per Deal
  • Tutorials
    • 💸Pay to View Application
    • Use Python SDK
    • 📝Update Content with Lighthouse IPNS
    • 📹Add Video Player in UI
    • ✅Document Verification with PoDSI
    • 🎨Minting NFTs on EVM Chains
    • 🪙Minting NFTs on Solana
    • 👩‍💻Programmable Storage with Lighthouse SDK and Filecoin
    • 🔐Secure File Sharing
    • Upload Encrypted Files
    • 📄Token Gating and Custom Contract
    • 🔑Token Gating NFTs
    • 🏖️Pushing File Metadata Onchain
    • Use Radix Wallet on Lighthouse Filesdapp
  • Concepts
    • Glossary
    • IPFS CID Transition to v1
  • Support
    • 📞Contact
Powered by GitBook
On this page
  • Step 1: Owner Grants Delegation Access
  • Step 2: Delegate Retrieves Shared Key & Decrypts Files

Was this helpful?

Edit on GitHub
  1. How To
  2. Encryption Features

Account Delegation Tutorial

Adding access control with account delegation for encrypted files involves two primary steps: granting access permissions to a delegate's address and retrieving the necessary decryption keys to access the files.​

Step 1: Owner Grants Delegation Access

The owner authorizes a delegate to access all their encrypted files by sending access permissions to all five Lighthouse nodes

import * as dotenv from 'dotenv'
dotenv.config()
import { ethers } from "ethers"
import axios from "axios";
import kavach from "@lighthouse-web3/kavach";

const signAuthMessage = async (privateKey) => {
  const signer = new ethers.Wallet(privateKey);
  const authMessage = await kavach.getAuthMessage(signer.address);
  const signedMessage = await signer.signMessage(authMessage.message);
  const { JWT } = await kavach.getJWT(signer.address, signedMessage);
  return JWT;
};

const delegateAccess = async () => {
  const publicKey = "0xa3c960b3ba29367ecbcaf1430452c6cd7516f588"; //Your public key
  const delegateAddress = "0x487fc2fE07c593EAb555729c3DD6dF85020B5160" //Receiver public key 
  const ownerPrivateKey = process.env.PRIVATE_KEY_WALLET1;
  const JWT = await signAuthMessage(ownerPrivateKey);
  const nodeIds = [1, 2, 3, 4, 5];

  for (const nodeId of nodeIds) {
    const response = await fetch(`https://encryption.lighthouse.storage/api/setAllFilesAccess/${nodeId}`, {
      method: "POST",
      headers: {
        "Authorization": `Bearer ${JWT}`,
        "Content-Type": "application/json"
      },
      body: JSON.stringify({
        address: publicKey,
        allFilesAccess: [delegateAddress]
      })
    });

    const data = await response.json();
    console.log(`response: `, data);
  }
};

delegateAccess().catch(console.error);

Step 2: Delegate Retrieves Shared Key & Decrypts Files

The delegate retrieves the shared encryption key from all five nodes and decrypts the desired file.​

import * as dotenv from 'dotenv'
dotenv.config()
import { ethers } from "ethers";
import fs from "fs";
import lighthouse from '@lighthouse-web3/sdk'
import kavach from "@lighthouse-web3/kavach"

const signAuthMessage = async(privateKey) =>{
    const signer = new ethers.Wallet(privateKey)
    const authMessage = await kavach.getAuthMessage(signer.address)
    const signedMessage = await signer.signMessage(authMessage.message)
    const { JWT, error } = await kavach.getJWT(signer.address, signedMessage)
    return(JWT)
  }

const retrieveAndDecrypt = async () => {
  const nodeIds = [1, 2, 3, 4, 5];
  const shards = [];
  const delegatePrivateKey = process.env.PRIVATE_KEY_WALLET2;
  const delegateAddress = "0x487fc2fE07c593EAb555729c3DD6dF85020B5160";
  const ownerAddress = "0xa3c960b3ba29367ecbcaf1430452c6cd7516f588";
  const cid = "bafkreictu4jrfdjuf426xjstyvn37bknkxkpfhpzblsisjya9gmoudsltq"
  const JWT = await signAuthMessage(delegatePrivateKey, delegateAddress);

  for (const nodeId of nodeIds) {
    const response = await fetch(`https://encryption.lighthouse.storage/api/retrieveSharedKey/${nodeId}`, {
      method: "POST",
      headers: {
        "Authorization": `Bearer ${JWT}`,
        "Content-Type": "application/json"
      },
      body: JSON.stringify({
        address: delegateAddress,
        cid: cid,
        ownerAddress: ownerAddress
      })
    });

    const data = await response.json();
    shards.push(data.payload);
  }

  // Combine shards to reconstruct the encryption key
  const { masterKey: key, error: recoverError } = await kavach.recoverKey(shards);

  // Decrypt the file using the reconstructed encryption key
  const decrypted = await lighthouse.decryptFile(cid, key);
  fs.createWriteStream("fileName.png").write(Buffer.from(decrypted))
  console.log("File decrypted successfully.");
};
retrieveAndDecrypt().catch(console.error);

PreviousAccess control with zkTLSNextList Files

Last updated 23 days ago

Was this helpful?

👬