
A module for working with box2 in SSB DB2

Primary LanguageJavaScript

⚠️ This repo was moved to https://github.com/ssbc/ssb-db2-box2. This archival will remain in this GitHub org ssb-ngi-pointer to demonstrate the outcome of the work done by the SSB NGI Pointer team during 2020 and 2021. The SSB NGI Pointer team is no longer active because we completed our grant project.


A module for working with box2 in SSB DB2. Messages created using this module is compatible with ssb-tribes.


Encrypt a message to self using box2.

const SecretStack = require('secret-stack')
const caps = require('ssb-caps')
const ssbKeys = require('ssb-keys')

const keys = ssbKeys.loadOrCreateSync(path.join(dir, 'secret'))

const sbot = SecretStack({ caps })
  .call(null, { 
     path: './',
     box2: {
       alwaysbox2: true

const testkey = Buffer.from(


let content = { type: 'post', text: 'super secret', recps: [keys.id] }

sbot.db.publish(content, (err, privateMsg) => {
  // privateMsg is now encrypted using box2


SSB-DB2-BOX2 supports ssb-config parameters to configure things:

const config = {
  box2: {
      This variable is only for DMs. Group messages are always using box2.
      For DMs, the problem is figuring out if the other side supports 
      box2 or not. We expect to be able to use metafeeds to determine this
      in the future. For now you can use this variable to use box2 for all
      DMs, otherwise box1 will be used for all.
    alwaysbox2: true



key must be a buffer. By specifying the direct message (DM) for yourself, you are free to supply that from any source. This could be a key stored in ssb-keyring, a key derived from the seed in meta feeds or simply a temporary key. For direct messaging other feeds a key is automatically derived.


filter takes a recp and must return a boolean indicating if recp is a group id or not.

addGroupKey(groupId, groupKey)

groupId must be a string and groupKey must be a buffer. The key can then be used to send messages to the group. Note that keys are not persisted in this module.


Returns the groupKey as a buffer or undefined if group key is not found.


On startup, once all keys have been added be sure to call setReady to signal to DB2 that it is now safe to process data.


cb will resolve once once all initial keys have been added.