Working with file service I realized, that we need not only alternative ID but also user shadowname.
AlternativeID = sign(user_private_key, “node.url-node.nonce-username-user.nonce-alternative-123”)
Used to verify the user
FileHash = MD5(filename)
Filehash is needed to determine which file to download not showing real file name for security reasons
Shadowname = MD5(Username-node.url-node.nonce-username-user.nonce)
Generated when user gets registered (joined) and stored in local users db (.json file by default). Used to determine the user from which to download file.
- If we are using pregenerated ID for each file, we need separate database for that. That means more code and less reliable.
- Owner of file remains anonymous
- Use Shadowname everywhere instead of username to increase security.