Aranya Documentation An overview of the Aranya project

Onboarding

Adding a device to Aranya requires completing an onboarding procedure. This onboarding procedure is a series of out-of-band exchanges and actions that devices must perform to properly set up their cryptographic identities within the team.

Prerequisites:

  1. All devices have a daemon running and syncing (the daemon creates a keybundle on startup if one does not exist)
  2. A team has been created by the owner device

Onboarding happens in three phases:

  1. The owner adds the new device to the team by publishing an AddMember command
  2. The new device adds the team to its local storage by invoking AddTeam()
  3. The new device syncs the command adding it to the team

Phase 1: Device Addition by Owner

The first phase requires the new device to transfer its keybundle to the owner. The keybundle contains the new device’s public keys, and is used by the Aranya graph to authenticate and authorize actions.

Phase 2: Team added locally by device

Once the new device is added to the team by the owner, the team needs to be tracked in local storage by adding the team on the new device. This also allows the new device to receive the information required to establish encryption keys for syncing.

Phase 3: Synchronization Setup

Finally, the new device needs to sync the command adding it to the team. It can sync with any device on the team that has this command.

Note: It is common to see “no such storage” errors on the device being added if it syncs before the team is fully initialized locally. These are non-fatal errors and will resolve once the device has synced the AddMember command and has set up the local storage.
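
The three phases and the transient sync error from the note above, as a toy model added here for illustration. It is not Aranya code: every type and function in it (`Owner`, `Device`, `add_member`, `add_team`, `sync`, `onboard`) is a hypothetical stand-in, not the Aranya API, and the owner is used as the sync peer only for simplicity.

```rust
// Toy model of the three onboarding phases. All types and functions here are
// hypothetical stand-ins and are NOT the Aranya API.
use std::collections::{HashMap, HashSet};

#[derive(Debug, PartialEq)]
enum SyncError { NoSuchStorage } // non-fatal: team not yet added locally

#[derive(Default)]
struct Owner { graph: Vec<String> } // published AddMember commands, by device id

#[derive(Default)]
struct Device {
    id: String, // stands in for the public keys carried in the keybundle
    storage: HashMap<String, HashSet<String>>, // team id -> synced AddMember commands
}

impl Owner {
    // Phase 1: owner receives the keybundle out of band and publishes AddMember.
    fn add_member(&mut self, keybundle_id: &str) { self.graph.push(keybundle_id.to_string()); }
}

impl Device {
    // Phase 2: start tracking the team in local storage.
    fn add_team(&mut self, team: &str) { self.storage.entry(team.to_string()).or_default(); }

    // Phase 3: pull commands from a peer; fails if phase 2 has not happened yet.
    fn sync(&mut self, team: &str, peer: &Owner) -> Result<(), SyncError> {
        let local = self.storage.get_mut(team).ok_or(SyncError::NoSuchStorage)?;
        local.extend(peer.graph.iter().cloned());
        Ok(())
    }

    fn is_member(&self, team: &str) -> bool {
        self.storage.get(team).map_or(false, |cmds| cmds.contains(&self.id))
    }
}

// Runs the phases with one early sync to show the transient error being tolerated.
fn onboard(owner: &mut Owner, dev: &mut Device, team: &str) -> (Option<SyncError>, bool) {
    owner.add_member(&dev.id);                          // phase 1
    let early = dev.sync(team, owner).err();            // before AddTeam: "no such storage"
    dev.add_team(team);                                 // phase 2
    dev.sync(team, owner).expect("sync after AddTeam"); // phase 3
    (early, dev.is_member(team))
}

fn main() {
    let mut owner = Owner::default();
    let mut dev = Device { id: "device-b-keybundle".into(), ..Default::default() }; // constructed id
    println!("{:?}", onboard(&mut owner, &mut dev, "team-1"));
}
```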