Skip to content
Stephen Oliver edited this page Aug 31, 2016 · 1 revision

Allow you to save named pages in Freenet. They are a variant of Signed Subspace Keys where the private and public keys are both derived from a keyword rather than generated randomly.

A KSK address looks like this:

http://127.0.0.1:8888/KSK@gpl.txt

A KSK address can be a redirection to a CHK address, or it can contain the file itself.

Collisions

KSKs are not secure against spamming or name hijacking, limiting their usefulness to a handful of scenarios.

Several people could each insert a different file to Freenet, all with the same KSK name. There is voluntary collision detection in fred, which tries to prevent overwriting of a once-inserted page.

Constraints

The KSK name should not contain slashes, just as with other keys (slashes are used to denote Manifests or Containers).

How KSKs work

The file description (e.g. mysite/foobar/file.txt) is used to deterministically generate a cryptographic public/private keypair, and a symmetric encryption key. This means that give the same file description, anyone will always be able to generate the same keypair.

The public half of the keypair is stored with the data, and is used to verify the data.

The symmetric encryption key is used to encrypt the file itself, so a Freenet user can plausibly deny knowledge of having this file in their cache; because if they don't know the file description, and thus the decryption key, they can't retrieve the file.

The private half of the keypair is used to sign the file, so it is only possible to write the file data if you know the file description, but it can be fetched, and verified, by only the hash of the public key.

To retrieve the file, someone only needs to know the file description, since the decrypting key and the file's index can be derived from this.

Clone this wiki locally