🚀 Getting Started
MLS Setup and Initialization
In 15 minutes: Set up your first MLS implementation
Prerequisite: None
🎯 Quick Start
Before diving into complex code, let's set up MLS basics:
- Choose your implementation library
- Set up ciphersuite
- Initialize MLS manager
- Generate key packages
- Create your first group
📦 Choosing Your Library
ts-mls (TypeScript/JavaScript)
npm install ts-mls
Pros: Pure JS, easy to use, good TypeScript support
Cons: Slower than Rust/C implementations
OpenMLS (Rust)
[dependencies]
openmls = 0.6
Pros: Native speed, RFC 9420 compliant
Cons: Rust required
🎭 Code: Basic Setup
Initialize TLS Manager
import { MLSManager } from 'ts-mls';
// Step 1: Create manager
const alice = new MLSManager('alice@example.com');
// Step 2: Choose ciphersuite and initialize
await alice.initialize();
What this does:
- Creates crypto provider for Alice
- Sets up cryptographic primitives
- Initializes MLS state
Understand Ciphersuites
MLS uses ciphersuites to define which crypto algorithms to use:
// Common ciphersuite
const cipherSuiteName = 'MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519';
// Breakdown:
// ├─ MLS_128: Security level (128-bit)
// ├─ DHKEMX25519: Key exchange (Curve25519)
// ├─ AES128GCM: Symmetric encryption
// ├─ SHA256: Hash function
// └─ Ed25519: Digital signatures
This is the "MLS_128_X25519_AESGCM_SHA256_Ed25519" from RFC 9420.
🗝️ Key Packages
Every MLS client needs a key package to join groups:
// Alice generates her key package
const aliceKeyPackage = await alice.generateKeyPackage();
// Returns:
// {
// publicPackage: KeyPackage, // Can share publicly
// privatePackage: PrivateKeyPackage, // Keep secret
// userId: 'alice@example.com'
// }
Public package contains:
- Identity (email, username, etc.)
- Public keys (encryption, signature)
- Capabilities (which algorithms)
- Lifetime (how long valid)
Private package contains:
- Private keys (encryption, signature)
- Keep secret
📋 Complete Setup Flowchart
🎮 Quick Checklist
Setup Checklist
- Choose implementation (ts-mls recommended for beginners)
- Install library
- Create MLSManager instance
- Initialize with ciphersuite
- Generate key package
- Store private package securely
- Share public package
- Create first group
💾 Storing Keys Securely
// ⚠️ IMPORTANT: Key packages contain secrets
// DO NOT store private packages like this:
const bad = JSON.stringify(aliceKeyPackage.privatePackage);
// DO use key storage:
import * as crypto from 'crypto';
const encrypted = crypto.privateEncrypt({
key: fs.readFileSync('storage-key.pem'),
passphrase: 'strong-password'
}, aliceKeyPackage.privatePackage);
✅ Quick Check
Question 1: What's the difference between public and private key packages?
Show Answer
Public key package:
- Can share with anyone
- Contains public keys (encryption, signature)
- Used by others to encrypt for you
Private key package:
- Keep secret
- Contains private keys (encryption, signature)
- Used to decrypt messages for you
Answer: Public = shareable, private = secret
🎓 Key Takeaways
✅ ts-mls = Recommended for beginners
✅ Ciphersuites = Define crypto algorithms
✅ Key packages = Identity card for MLS
✅ Public package = Share freely
✅ Private package = KEEP SECRET
✅ Initialize = Setup crypto provider
✅ GenerateKeyPackage = Get your MLS identity