Secure Transfer Protocol
Cryptographic chain of custody for .0nv containers.
The 0nVault secure transfer protocol provides replay prevention, transfer ID tracking, and an immutable chain of custody for every container transfer. Each transfer is cryptographically signed and logged.
Transfer Protocol Features
Transfer Registry
Every transfer is registered with a unique Transfer ID, sender signature, recipient public key, timestamp, and layer access grants. The registry is append-only.
Replay Prevention
Each transfer includes a nonce and timestamp. The recipient verifies the nonce has not been seen before and the timestamp is within an acceptable window, preventing replay attacks.
Transfer ID Tracking
A UUID v7 Transfer ID is generated for each transfer operation. This ID is embedded in the container's transfer log and can be used to trace the complete chain of custody.
Sender Verification
The sender signs the transfer with their Ed25519 private key. The recipient can verify the sender's identity using the published public key, ensuring transfers are not forged.
Layer Re-encryption
During transfer, layers are re-encrypted for the recipient using X25519 ECDH key agreement. The sender's copy remains encrypted with the original keys.
Immutable Transfer Log
The container's transfer log section is append-only. Each entry includes the Transfer ID, parties involved, layers transferred, and cryptographic proofs.
Transfer Flow
1. Sender initiates transfer
   transfer_id = UUIDv7()
   nonce = random(32)
   timestamp = now()
2. Sender signs transfer
   sig = Ed25519.sign(sender_key, transfer_id || nonce || timestamp || recipient_pk || layer_grants)
3. Re-encrypt authorized layers
   shared_secret = X25519(sender_sk, recipient_pk)
4. Append to transfer log
   log.append(transfer_id, sender, recipient, layers, sig, timestamp)
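
The recipient-side check described under Replay Prevention, sketched as an added example (not 0nVault's own code). The names ReplayGuard and demo, the 300-second window, and reading random(32) as 32 bytes are assumptions, and the check is meant to run only after the sender's signature has verified.

```python
import os
import time

WINDOW_SECONDS = 300  # assumed value; the page only says "acceptable window"
NONCE_BYTES = 32      # assumes random(32) in the flow means 32 bytes


class ReplayGuard:
    """Hypothetical recipient-side check: fresh timestamp and unseen nonce."""

    def __init__(self, window=WINDOW_SECONDS, clock=time.time):
        self.window = window
        self.clock = clock
        self.seen = {}  # nonce -> last instant at which its timestamp is still valid

    def check(self, nonce, timestamp):
        """Return a reason string; call only after the signature has verified."""
        now = self.clock()
        # Forget a nonce only once its transfer would fail the timestamp test
        # anyway; evicting earlier would let a captured transfer be replayed.
        for old in [n for n, last_valid in self.seen.items() if last_valid < now]:
            del self.seen[old]
        if len(nonce) != NONCE_BYTES:
            return "bad nonce length"
        if abs(now - timestamp) > self.window:  # rejects stale and future-dated
            return "timestamp outside window"
        if nonce in self.seen:
            return "nonce already seen"
        self.seen[nonce] = timestamp + self.window
        return "ok"


def demo():
    """Run the guard over constructed transfers with a constructed clock."""
    now = [1_700_000_000.0]
    guard = ReplayGuard(clock=lambda: now[0])
    nonce = os.urandom(NONCE_BYTES)
    out = [guard.check(nonce, now[0])]             # first delivery
    out.append(guard.check(nonce, now[0]))         # immediate replay
    now[0] += 301
    out.append(guard.check(nonce, now[0] - 301))   # replay after the window
    out.append(guard.check(os.urandom(NONCE_BYTES), now[0] + 3600))  # future-dated
    return out


if __name__ == "__main__":
    print(demo())
```

The in-memory nonce table is lost on restart, so a deployment would need to persist it or refuse transfers timestamped before the process started.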