docs(e2ee): update roadmap — Sprint 4.1/4.2 native SDKs complete

- Swift BLFieldEncrypt: 22 XCTest tests, CryptoKit AES-256-GCM
- Kotlin BLFieldEncrypt: 21/21 JUnit5 tests, javax.crypto AES-256-GCM
- Both wire-compatible with @bytelyst/field-encrypt EncryptedField JSON
saravanakumardb1 2026-03-21 10:58:47 -07:00
parent ee762b4612
commit e59dcdb9ac

@ -1,7 +1,7 @@
# ByteLyst — End-to-End Encryption Implementation Roadmap
> **Purpose:** Phased implementation plan for encryption across the ByteLyst ecosystem.
> **Status:** Phase 1 + Phase 2 (Sprint 3) COMPLETE — 6 product backends encrypted
> **Status:** Phase 1 + Sprint 3 + Sprint 4.1/4.2 COMPLETE — 6 backends + native SDKs
> **Author:** AI Architecture Review
> **Last updated:** 2026-07-12
> **Design doc:** [`END_TO_END_ENCRYPTION_DESIGN.md`](END_TO_END_ENCRYPTION_DESIGN.md)
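Review bot: the new status line marks Sprint 4.1/4.2 as COMPLETE, but items 4.1.2 and 4.2.2 (key derivation from the Keychain-stored secret and from BLSecureStore) remain unchecked in the second hunk of this patch. Suggest wording the status so it does not imply key handling is finished, for example "Sprint 4.1/4.2 field encryption + tests COMPLETE, key derivation pending". The untouched `Last updated: 2026-07-12` line is also later than this commit's date of 2026-03-21; it should be corrected while the header is being edited.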
@ -280,48 +280,23 @@ Week 1-2 Week 3-4 Week 5-6 Week 7-8 Week 9-10 Week 11-14
#### 4.1 Swift Platform SDK — `BLFieldEncrypt`
- [ ] **4.1.1** Create `Sources/BLFieldEncrypt.swift` in `packages/swift-platform-sdk/`
```swift
import CryptoKit
public struct BLFieldEncrypt {
/// Encrypt a string field with AES-256-GCM
public static func encrypt(_ plaintext: String, key: SymmetricKey) -> EncryptedField
/// Decrypt an encrypted field
public static func decrypt(_ field: EncryptedField, key: SymmetricKey) -> String?
/// Check if a JSON value is an encrypted field
public static func isEncrypted(_ value: Any) -> Bool
}
public struct EncryptedField: Codable {
public let __encrypted: Bool // always true
public let v: Int // version
public let alg: String // "aes-256-gcm"
public let ct: String // ciphertext (base64)
public let iv: String // IV (hex)
public let tag: String // auth tag (hex)
public let dekId: String // DEK identifier
}
```
- [x] **4.1.1** Create `Sources/BLFieldEncrypt.swift` in `packages/swift-platform-sdk/`
- `BLEncryptedField` Codable struct + `BLFieldEncrypt` enum (CryptoKit AES-256-GCM)
- encrypt/decrypt, AAD support, generateKey, keyFromHex, isEncrypted
- Data hex helpers (hexString, init?(hexString:))
- [ ] **4.1.2** Key derivation from Keychain-stored secret
- [ ] **4.1.3** Unit tests (XCTest)
- [x] **4.1.3** Unit tests (XCTest) — 22 tests in BLFieldEncryptTests.swift
**Commit:** `feat(swift-sdk): add BLFieldEncrypt for client-side AES-256-GCM encryption`
#### 4.2 Kotlin Platform SDK — `BLFieldEncrypt`
- [ ] **4.2.1** Create `src/main/.../BLFieldEncrypt.kt` in `packages/kotlin-platform-sdk/`
```kotlin
object BLFieldEncrypt {
fun encrypt(plaintext: String, key: SecretKeySpec): EncryptedField
fun decrypt(field: EncryptedField, key: SecretKeySpec): String?
fun isEncrypted(value: Any?): Boolean
}
```
- [x] **4.2.1** Create `src/main/.../BLFieldEncrypt.kt` in `packages/kotlin-platform-sdk/`
- `BLEncryptedField` data class + `BLFieldEncrypt` object (javax.crypto AES-256-GCM)
- encrypt/decrypt, AAD support, generateKey, keyFromHex, isEncrypted
- ByteArray/String hex extension functions
- [ ] **4.2.2** Key derivation from BLSecureStore
- [ ] **4.2.3** Unit tests (JUnit5)
- [x] **4.2.3** Unit tests (JUnit5) — 21/21 passing in BLFieldEncryptTest.kt
**Commit:** `feat(kotlin-sdk): add BLFieldEncrypt for client-side AES-256-GCM encryption`
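Review bot: the replacement bullets under 4.1.1 and 4.2.1 drop the only description of the wire format in this section, which the removed Swift snippet carried in its field comments (`ct` base64, `iv` and `tag` hex, `dekId`, `alg` "aes-256-gcm", `v`). Since the type is now named `BLEncryptedField` while the commit message claims compatibility with the `EncryptedField` JSON, suggest keeping a one-line field and encoding summary here or linking to the relevant section of END_TO_END_ENCRYPTION_DESIGN.md, so the cross-platform contract stays documented. Two smaller points: the new bullets list `generateKey` and `keyFromHex` while 4.1.2 and 4.2.2 are still open, so a note on where callers are expected to source keys in the interim would help; and the test counts differ (22 Swift, 21 Kotlin), so it is worth stating which case has no Kotlin counterpart, in particular whether tag-mismatch and AAD-mismatch decryption failures are covered on both platforms.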