API-of-Me
Connections and Sharing
How to create a connection between you and another user to share data

A follow along guide using the Meeco CLI to build on the Quickstart Guide

Below the CLI walkthrough is a more in-depth explanation of how sharing works.
After successfully creating an item in your user's Vault from the Quickstart section, it's now time to create another user called Bob.
    meeco users:create -p supersecretpassword > .bob.yaml
We used the same password as in the Quickstart example, in case you were wondering.
Using the CLI again, we're going to make a connection configuration file between Alice and Bob:
    meeco connections:create-config --from .alice.yaml --to .bob.yaml > .connection_config.yaml
This creates a file called .connection_config.yaml. Open it and edit the fromName and toName keys; let's make the connection between Alice and Bob. Next, it's time to use the CLI again to create the connection between the two users.
    meeco connections:create -c .connection_config.yaml > .connection.yaml
This generates the keypairs for the connection, then creates and accepts the invitation for the two users.
Now, we're ready to select an item from Alice's vault and share it with Bob.
First, we'll need to create the share template with the CLI.
    meeco shares:create-config --from .alice.yaml -c .connection.yaml -i .item.yaml > .share_config.yaml
After this configuration file is created, we can create the share between the two users:
    meeco shares:create -c .share_config.yaml > .share.yaml
The output is a new shares item:
    shares:
      - id: 0f894916-852a-4682-bd49-0783ab58e1c0
        owner_id: ab9f9fce-db0b-4384-a221-617efa80dba7
        sender_id: ab9f9fce-db0b-4384-a221-617efa80dba7
        recipient_id: ce021e77-a66f-4fae-a150-d3a4a6e1a7f9
        acceptance_required: acceptance_not_required
        item_id: bae62ab6-ea95-4037-8f6c-3708c81b2d77
        slot_id: null
        public_key: "-----BEGIN PUBLIC KEY-----\r
          ...
          -----END PUBLIC KEY-----\r\n"
        ...
        sharing_mode: owner
        keypair_external_id: f0ab31a1-c95d-463d-b6b1-1a72e1f56444
        encrypted_dek: Rsa4096.Jm9R1Ve2KcOLc4-HkZkjviB8HXBSlVQLfTlUJ-xcGRRklBp-Od-g2YjareSFwMorzVrtVDKWg8QWkB3iDAn_g9pG3c-kY1Le5Gb86VTO3hhx74jImf_iw29VUUcAsfRQH2u69X5byyYYlg827nMpT8CgN4P3USsMsMMsXrppu7ONGwk-xxItJtr8S3cONECp5L_4cbcR4IDbGBpVGZMdU5X6YU3ZZ7z-fi5wF5tRp6krR4V8rqbJOlyURY2xwj3ihoGtPc6Dbef_H6viFEgl00gyDegXKgJ8IisES_6_cyq7ooiGbux5oTgyg4tTIA40Lf65JLzVujosFC56EatRumR-YretG_Dkr61PQfuGN2zpTOGpZzypnc-HJc-GCHWGLU1wqwhcBY3NNoM1NvmdWGRQV2Vrtt3rhBCM2Nt-E7lCyQTX45qGXG-q-nL2b6l_DfCfp6O5s4hAYVoBQgDLCexl1YFb0reNm1Ol3rQ_hjpPn9LHAgE93Mdq7b04-sBmbNF54oLyrAneZu8NOle1-dioK13dLNooSm_O5MuRdnjyaJZH5zcsN-mEeSzsTHBymiMitet1-YOoZrenLDUaaFpWj6fCgwW6louU7u8PWq8U40TV15c8TndQAVFyRhfPav8HHLhOJmOCa1HaqdGZ8vuw1efJW3rtOU2ye31JQIw=.QQUAAAAA
        terms: null
        created_at: 2020-09-24T07:15:03.315Z
        expires_at: null
The CLI sets up a private encryption space between Alice and Bob and then shares the item.
We never created an item for Bob, so we know that the item shown by the following command is the one that has been shared with him.
    meeco shares:get-incoming -a .bob.yaml <SHARE_ID>
The following is the share information, as well as the item that was shared:
    share:
      id: 0f894916-852a-4682-bd49-0783ab58e1c0
      owner_id: ab9f9fce-db0b-4384-a221-617efa80dba7
      sender_id: ab9f9fce-db0b-4384-a221-617efa80dba7
      recipient_id: ce021e77-a66f-4fae-a150-d3a4a6e1a7f9
      acceptance_required: acceptance_not_required
      item_id: bae62ab6-ea95-4037-8f6c-3708c81b2d77
      slot_id: null
      ...
      sharing_mode: owner
      keypair_external_id: f0ab31a1-c95d-463d-b6b1-1a72e1f56444
      encrypted_dek: Rsa4096.Jm9R1Ve2KcOLc4-HkZkjviB8HXBSlVQLfTlUJ-xcGRRklBp-Od-g2YjareSFwMorzVrtVDKWg8QWkB3iDAn_g9pG3c-kY1Le5Gb86VTO3hhx74jImf_iw29VUUcAsfRQH2u69X5byyYYlg827nMpT8CgN4P3USsMsMMsXrppu7ONGwk-xxItJtr8S3cONECp5L_4cbcR4IDbGBpVGZMdU5X6YU3ZZ7z-fi5wF5tRp6krR4V8rqbJOlyURY2xwj3ihoGtPc6Dbef_H6viFEgl00gyDegXKgJ8IisES_6_cyq7ooiGbux5oTgyg4tTIA40Lf65JLzVujosFC56EatRumR-YretG_Dkr61PQfuGN2zpTOGpZzypnc-HJc-GCHWGLU1wqwhcBY3NNoM1NvmdWGRQV2Vrtt3rhBCM2Nt-E7lCyQTX45qGXG-q-nL2b6l_DfCfp6O5s4hAYVoBQgDLCexl1YFb0reNm1Ol3rQ_hjpPn9LHAgE93Mdq7b04-sBmbNF54oLyrAneZu8NOle1-dioK13dLNooSm_O5MuRdnjyaJZH5zcsN-mEeSzsTHBymiMitet1-YOoZrenLDUaaFpWj6fCgwW6louU7u8PWq8U40TV15c8TndQAVFyRhfPav8HHLhOJmOCa1HaqdGZ8vuw1efJW3rtOU2ye31JQIw=.QQUAAAAA
      terms: null
      created_at: 2020-09-24T07:15:03.315Z
      expires_at: null
    associations_to: []
    associations: []
    attachments: []
    classification_nodes:
      - id: 8670d4c6-8d68-49a4-bd21-0fc8cefa705d
        name: vehicle
        label: Vehicle
        description: null
        ordinal: 3
        background_color: null
        image: https://sandbox.meeco.me/vault/images/ff1c25e9-530a-4103-b649-986631bcAAAAA
        scheme: meeco
    item:
      id: a3f632c8-f80f-47aa-9e26-aab15ad9ed63
      own: false
      name: a_new_item
      label: A New Item
      description: null
      created_at: 2020-09-24T07:15:03.452Z
      item_template_id: 0c385f1d-8825-4932-a6ab-846178b816e4
      ordinal: 0
      visible: true
      updated_at: 2020-09-24T07:15:03.493Z
      ...
Running meeco shares:list -a .bob.yaml will show all the share information that Bob has received, even from other users.
Running meeco shares:list -t outgoing -a .alice.yaml will show all the shares that are outgoing from Alice to other users.
If you're looking for a way to delete the share, you can do that as either user with meeco shares:delete -a .alice.yaml <SHARE_ID> or meeco shares:delete -a .bob.yaml <SHARE_ID>.
Well done - you've now created a connection between two users, and shared an item!

Sharing Items Between Users - In Depth

All user data stored in the Vault is encrypted and can only be decrypted and read by the user.
However, the Meeco platform makes it possible for one user to share items with another user. We will cover this process and its steps in this guide.
In summary, the sharer will generate a DEK (data encryption key) specifically for the purpose of this share and re-encrypt the shared item with this key. In order to share the DEK, Public Key cryptography is used: the sharer will encrypt the DEK with a Public Key of the share recipient, so only the share recipient can decrypt the DEK with their Private Key, and then use the DEK to decrypt the item.
Let's dive into it.

Invitation To Connect

Before anything can be shared, two users need to establish a connection. To create a connection in this example, User 1 (Alice) will invite User 2 (Bob).
The process can be described in the following sequence diagram:
At step (1) User 1 generates a Keypair which will be used for inviting another user, and later for the key exchange.
Steps 2-4 are part of the standard procedure used for storing Keypairs in the Keystore. If there is a Keypair, it is encrypted by the Key Encryption Key (KEK) and stored in the Keystore. Please read the guide Setting Up Access to the Vault and Keystore if you haven't read it yet.
In steps 5 and 6, User 1 stores the Public Key. In steps 5-7 User 1 creates an invitation using the following as input:
  • email of the user that User 1 wants to connect to (User 2)
  • the Public Key
After step 7 the Vault sends an invitation email to User 2.

Accepting Invitation

In this section we'll describe the scenario when User 2 accepts the invitation from User 1.
This process can be described in the following sequence diagram:
Most of these steps are the same as User 1's steps in the previous section: just like User 1, User 2 generates a Keypair for this connection (step 9), encrypts it and stores it in the Keystore (steps 10-12), and publishes the Public Key in the Vault (steps 13-14).
The most important step is the call to create a connection at step 13. The parameters of the call are the invitation ID and the invitation token.
The most important results after these two sections are as follows:
  • The connection between User 1 and User 2 has now been established
  • User 1 has access to the Public Key of User 2 on the connection record
  • User 2 has access to the Public Key of User 1 on the connection record

Creating A Share

In this section, to create a share, User 1 will generate a DEK dedicated to this share, re-encrypt an item and store it as a share, and share the DEK with User 2, encrypted by the Public Key of User 2.
Creation of a share can be described in the following sequence diagram:
At step 19 User 1 generates a DEK. This DEK will be used to encrypt the shared item. We also need to have the key readable by User 2, so at step 20 we encrypt the same DEK with the Public Key of User 2.
In steps 21-23 User 1 encrypts the item data with the shared DEK and creates a Share record.
The main results of these steps are as follows:
  • A DEK has been created and encrypted with User 2's public key
  • A Share record has been created in the Vault with the encrypted DEK, and it is linked to the connection between User 1 and User 2

Reading The Share

Reading of the share can be described in the following sequence diagram:
First, in step 24, User 2 retrieves a list of all items, both his own and incoming shares.
If there is a new share User 2 needs to decrypt and read, in step 26 User 2 requests the share details.
User 2 also retrieves the DEK in steps 26-27, decrypts it with their Private Key in step 28 and decrypts the share in step 29.
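The flow described in "Creating A Share" and "Reading The Share", as an added Node.js example that is not Meeco's code. The page does not name the algorithms, so AES-256-GCM for the item and RSA-OAEP for wrapping the DEK are assumptions, and all function names are hypothetical.

```javascript
const crypto = require('crypto');

// Assumed for this sketch: RSA-OAEP with SHA-256 wraps the DEK.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Connection setup: each user generates a keypair and publishes only the public key.
// 2048-bit keys keep the demo fast; the page's encrypted_dek prefix reads Rsa4096.
function newConnectionKeypair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sharer (steps 19-23): fresh DEK, item re-encrypted under it, DEK wrapped for the recipient.
function createShare(itemPlaintext, recipientPublicKey) {
  const dek = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', dek, iv);
  const ciphertext = Buffer.concat([cipher.update(itemPlaintext, 'utf8'), cipher.final()]);
  return {
    encrypted_dek: crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, dek),
    iv,
    tag: cipher.getAuthTag(),
    ciphertext,
  };
}

// Recipient (steps 28-29): unwrap the DEK with the private key, then decrypt the item.
function readShare(share, recipientPrivateKey) {
  const dek = crypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, share.encrypted_dek);
  const decipher = crypto.createDecipheriv('aes-256-gcm', dek, share.iv);
  decipher.setAuthTag(share.tag);
  return Buffer.concat([decipher.update(share.ciphertext), decipher.final()]).toString('utf8');
}

// Constructed sample data, not real Vault content.
function demo() {
  const alice = newConnectionKeypair();
  const bob = newConnectionKeypair();
  const share = createShare('{"name":"a_new_item","label":"A New Item"}', bob.publicKey);
  const readByBob = readShare(share, bob.privateKey);
  // A private key other than the recipient's cannot unwrap the DEK.
  let wrongKeyRejected = false;
  try { readShare(share, alice.privateKey); } catch (e) { wrongKeyRejected = true; }
  // A modified stored ciphertext fails the GCM tag check instead of decrypting.
  share.ciphertext[0] ^= 1;
  let tamperDetected = false;
  try { readShare(share, bob.privateKey); } catch (e) { tamperDetected = true; }
  return { readByBob, wrongKeyRejected, tamperDetected };
}
```

The server in this model only ever stores `ciphertext` and `encrypted_dek`, so it cannot read the item without the recipient's private key.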