Skip to content

Shipping Address Encryption with Hermes-eth

UMP uses Hermes-eth to keep your shipping address private and secure when you buy items. This guide explains how it works in simple terms.

What is Hermes-eth?

Hermes-eth is a secure encryption protocol designed for the Ethereum blockchain. It converts sensitive information into a protected format so that only the intended recipient—using a combination of their wallet and a secret key or password—can decrypt and access the original data. This means that details like your shipping address remain confidential, even when stored on a public ledger.

How It Works

For Sellers

When you create your store, you'll need to set up message encryption:

  • You choose a strong password
  • Your wallet and password work together to create a special "public key"
  • This public key is stored on the blockchain
  • Only you can decrypt messages using your wallet and password together

For Buyers

When you buy something:

  • You enter your shipping address
  • Our system uses the seller's public key to encrypt your address
  • Only the encrypted version of your address is stored on the blockchain
  • Nobody except the seller can read your real address

For Both Parties

  • The system uses advanced encryption (AES-256-GCM) to protect your information
  • All encryption happens in your web browser
  • Your real address never touches the blockchain - only the encrypted version does
  • The system includes a verification feature to make sure the message wasn't changed

Technical Details

For those interested in the technical side, here's a brief overview:

Encryption Process

  • Uses AES-256-GCM for the main encryption
  • Creates an ephemeral (one-time) key pair for each message
  • Combines the ephemeral key with the recipient's public key to create a shared secret
  • Includes padding to hide the real message length
  • Optionally adds verification hashes

Message Format

Each encrypted message contains the following components:

{
  encryptedData: string;     // Hex-encoded encrypted data
  ephemeralPublicKey: string;// Public key for this message
  iv: string;               // AES-GCM initialization vector
  scheme: 'password';       // Encryption scheme identifier
  verificationHash?: string;// Optional: Hash for verification
  verificationEnabled?: boolean; // Optional: Whether verification is enabled
}

Security Features

  • Forward secrecy via ephemeral keys
  • Two-factor security (requires both wallet private key and secret messaging key)
  • Messages padded to prevent length analysis
  • Recipients can destroy secret messaging keys to make messages permanently unreadable while retaining Ethereum private key.
  • Optional third party message verification using salted hashes

The original code can be found here.