dfinity · altkdf · Jun 27, 2025 · Jun 27, 2025 · Jun 27, 2025 · Jun 27, 2025
@@ -0,0 +1,67 @@
+name: examples-encrypted-notes-dapp
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    paths:
+      - examples/encrypted_notes_dapp_vetkd/**
+      - backend/**
+      - Cargo.toml
+      - Cargo.lock
+      - frontend/ic_vetkeys/**
+      - package.json
+      - package-lock.json
+      - .github/workflows/provision-darwin.sh
+      - .github/workflows/provision-linux.sh
+      - .github/workflows/examples-encrypted-notes-dapp.yml
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+jobs:
+  examples-encrypted-notes-dapp-rust-darwin:
+    runs-on: macos-15
+    steps:
+      - uses: actions/checkout@v4
+      - name: Provision Darwin
+        run: |
+          bash .github/workflows/provision-darwin.sh
+      - name: Deploy Encrypted Notes Dapp VetKD Darwin
+        run: |
+          set -eExuo pipefail
+          cd examples/encrypted_notes_dapp_vetkd/rust
+          dfx start --background && dfx deploy
+  examples-encrypted-notes-dapp-rust-linux:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+      - name: Provision Linux
+        run: bash .github/workflows/provision-linux.sh
+      - name: Deploy Encrypted Notes Dapp VetKD Linux
+        run: |
+          set -eExuo pipefail
+          cd examples/encrypted_notes_dapp_vetkd/rust
+          dfx start --background && dfx deploy
+  examples-encrypted-notes-dapp-motoko-darwin:
+    runs-on: macos-15
+    steps:
+      - uses: actions/checkout@v4
+      - name: Provision Darwin
+        run: |
+          bash .github/workflows/provision-darwin.sh
+      - name: Deploy Encrypted Notes Dapp VetKD Darwin
+        run: |
+          set -eExuo pipefail
+          cd examples/encrypted_notes_dapp_vetkd/motoko
+          dfx start --background && dfx deploy
+  examples-encrypted-notes-dapp-motoko-linux:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+      - name: Provision Linux
+        run: bash .github/workflows/provision-linux.sh
+      - name: Deploy Encrypted Notes Dapp VetKD Linux
+        run: |
+          set -eExuo pipefail
+          cd examples/encrypted_notes_dapp_vetkd/motoko
+          dfx start --background && dfx deploy
@@ -0,0 +1,32 @@
+# Encrypted notes: vetKD
+
+This is a copy of the [`encrypted-notes-dapp` example](https://github.com/dfinity/examples/tree/master/motoko/encrypted-notes-dapp), adapted to use [vetKeys](https://internetcomputer.org/docs/building-apps/network-features/vetkeys/introduction) and add sharing of notes between users.
+
+In particular, instead of creating a principal-specific AES key and syncing it across devices (using device-specific RSA keys), the notes are encrypted with an AES key that is derived (directly in the browser) from a note-ID-specific vetKey obtained from the backend canister (in encrypted form, using an ephemeral transport key), which itself obtains it from the vetKD system API. This way, there is no need for any device management in the dapp, plus sharing of notes becomes possible.
+
+The vetKey used to encrypt and decrypt a note is note-ID-specific (and not, for example, principal-specific) to enable the sharing of notes between users. The derived AES keys are stored as non-extractable CryptoKeys in an IndexedDB in the browser for efficiency so that their respective vetKey only has to be fetched from the server once. To improve the security even further, the vetKeys' derivation information could be adapted to include a (numeric) epoch that advances each time the list of users with which the note is shared is changed.
+
+Currently, the only way to use this dapp is via manual local deployment (see below).
+
+Please also see the [README of the original encrypted-notes-dapp](https://github.com/dfinity/examples/tree/master/motoko/encrypted-notes-dapp/README.md) for further details.
+
+## Prerequisites
+
+This example requires an installation of:
+
+- [x] Install the [IC SDK](https://internetcomputer.org/docs/current/developer-docs/setup/install/index.mdx).
+- [x] Install [npm](https://www.npmjs.com/package/npm).
+
+## Deploy the Canisters
+
+If you want to deploy this project locally with a Motoko backend, then run:
+```bash
+dfx start --background && dfx deploy
+```
+from the `motoko` folder.
+
+To use the Rust backend instead of Motoko, run the same command in the rust folder.
+
+## Troubleshooting
+
+If you run into issues, clearing all the application-specific IndexedDBs in the browser (which are used to store Internet Identity information and the derived non-extractable AES keys) might help fix the issue. For example in Chrome, go to Inspect → Application → Local Storage → `http://localhost:3000/` → Clear All, and then reload.