4.5.1 Envelope structure
At a high level, PXP-201 consists of:
- Ciphertext payload stored somewhere (e.g. IPFS or any URI),
- Envelope carrying metadata, integrity hashes, and access rules,
- Wrapped key material per recipient (WK1: secp256k1 ECDH + HKDF + AES-GCM).
PXP-201 schema
flowchart TB
A["Plaintext"] --> B["AES-256-GCM encrypt\nDEK + nonce"]
B --> C["Ciphertext + ciphertextHash"]
C --> D["Store ciphertext\n(uri e.g. ipfs://...)"]
B --> E["Wrap DEK per recipient\nsecp256k1 ECDH + HKDF-SHA256"]
E --> F["Envelope\nv, typ, cipher, kdf,\naccess.recipients[], uri,\nciphertextHash, meta, createdAt"]
F --> G["validateEnvelope()"]
G --> H["Recipient unwraps DEK"]
H --> I["Decrypt -> Plaintext"]
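
The flow in the diagram, as an added Node.js example that is not PXP-201 project code. The envelope field names come from the diagram; the SHA-256 hash, hex encoding, HKDF salt and info label, recipient entry fields (`pub`, `epk`, `nonce`, `wrapped`), the sample `v`/`typ` values and the function names are assumptions made for illustration.

```javascript
// Added example, not project code. Assumptions: SHA-256 for ciphertextHash, hex encoding,
// the HKDF salt/info, the recipient entry fields and the sample v/typ values are constructed.
const { createECDH, hkdfSync, createCipheriv, createDecipheriv,
  createHash, randomBytes } = require('node:crypto');

const INFO = 'example-wk1-wrap'; // hypothetical HKDF info label
const sha256hex = (buf) => createHash('sha256').update(buf).digest('hex');

// AES-256-GCM: encrypts when no tag is given, otherwise decrypts and verifies the tag.
function gcm(key, nonce, data, tag) {
  const c = tag ? createDecipheriv('aes-256-gcm', key, nonce).setAuthTag(tag)
    : createCipheriv('aes-256-gcm', key, nonce);
  const out = Buffer.concat([c.update(data), c.final()]);
  return tag ? out : { ct: out, tag: c.getAuthTag() };
}

// Key-encryption key: secp256k1 ECDH shared secret run through HKDF-SHA256.
function deriveKek(ecdh, peerPub) {
  const shared = ecdh.computeSecret(peerPub);
  return Buffer.from(hkdfSync('sha256', shared, Buffer.alloc(0), INFO, 32));
}

function sealEnvelope(plaintext, recipientPubs, uri) {
  const dek = randomBytes(32), nonce = randomBytes(12);
  const body = gcm(dek, nonce, plaintext);
  const ciphertext = Buffer.concat([nonce, body.ct, body.tag]); // blob stored at uri
  const recipients = recipientPubs.map((pub) => {
    const eph = createECDH('secp256k1'); // fresh ephemeral key per recipient
    eph.generateKeys();
    const n = randomBytes(12), w = gcm(deriveKek(eph, pub), n, dek);
    return { pub: pub.toString('hex'), epk: eph.getPublicKey('hex'),
      nonce: n.toString('hex'), wrapped: Buffer.concat([w.ct, w.tag]).toString('hex') };
  });
  const envelope = { v: 1, typ: 'example', cipher: 'AES-256-GCM', kdf: 'HKDF-SHA256',
    access: { recipients }, uri, ciphertextHash: sha256hex(ciphertext),
    meta: {}, createdAt: new Date().toISOString() };
  return { envelope, ciphertext };
}

function openEnvelope(envelope, ciphertext, myEcdh) {
  // Check the fetched blob against the envelope before touching any key material.
  if (sha256hex(ciphertext) !== envelope.ciphertextHash) throw new Error('ciphertextHash mismatch');
  const r = envelope.access.recipients.find((x) => x.pub === myEcdh.getPublicKey('hex'));
  if (!r) throw new Error('not a recipient');
  const w = Buffer.from(r.wrapped, 'hex');
  const dek = gcm(deriveKek(myEcdh, Buffer.from(r.epk, 'hex')), Buffer.from(r.nonce, 'hex'),
    w.subarray(0, -16), w.subarray(-16));
  return gcm(dek, ciphertext.subarray(0, 12), ciphertext.subarray(12, -16), ciphertext.subarray(-16));
}
```

Because the DEK is wrapped separately for each recipient, adding a recipient only appends an entry to `access.recipients`; the stored ciphertext and its `ciphertextHash` stay unchanged.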
