FEAT | Write session key #25
Description
🚀 Feature Proposal
Create write session keys in a lazy fashion as first bucket write occurs. Improve allowed from determinations to include checking for content signed by session keys (also in a lazy load).
{
id: String,
owner: String,
keyid: String,
fingerprint: String,
public: String
}
If actor is allowed writer create a new seperate keychain for an ephmeral identity ( ie session-{session.id}.bucket-${bucket.id}@gpgfs.xyz ). Sign+encrypt the ephemeral identity (or don't) into a special writer-sessions/session-${session.id} metadata json.
We should set last writer fingerprint (along with root actor keyid if we're non-anon) directly in the bucket/index. A read will trigger verification that session key was originally signed+encrypted by any allowed writer (or is an allowed writer key).