Skiff is Open Sourcing
Transparency is a core component of Skiff's philosophy
We believe that open sourcing is an essential part of building trust around secure products. As a first step to completely open sourcing Skiff, we're sharing two key components of the Skiff codebase: our typed-AEAD envelope and UI component libraries.
As we scaled out our platform, it became important to be able to inspect metadata without having to decrypt objects. This would both save compute and prevent decryption of badly-formatted data.
Our authenticated encryption with associated data (AEAD) envelopes library allows us to embed additional information in the output of encryption functions. While the nacl family of envelope functions (e.g. secretbox) only support encryption-related metadata (e.g. nonces), our library is more extensible. We currently use our AEAD library at Skiff to validate data versions and types.
Skiff UI is a react components library for the Skiff UI Design System. It's currently in-use almost everywhere on our app. Over time we plan to continue adding more security and privacy-focused components to the library. Our hope is that Skiff UI will be able to spread usability to security products more widely.
We look forward to having more eyes on our codebase, and appreciate any feedback. If you have any questions or ideas, feel free to reach out to us at [email protected]