{"id":"c1142","filename":"c1142_p2_kanalporu_e2e_enkripcija.dok.json","weise3_id":"c1142_p2_kanal_e2e_20260524","tip":"implementacija","naziv":"P2 KanalPoruka E2E enkripcija — ML-KEM-768 + AES-GCM-256","kreator":"genesis","datum":"2026-05-24","snippet":"","status":"","prev_weise3":"","bunker_l":"#00d4ff","full":{"tip":"implementacija","naziv":"P2 KanalPoruka E2E enkripcija — ML-KEM-768 + AES-GCM-256","weise3_id":"c1142_p2_kanal_e2e_20260524","sustav":"fenix-v4","zakon":["ZAKON 37 — FenixVault ML-KEM-768","ZAKON 43 — krunica_hash u svakom atomu","ZAKON 26 — schema contract","ZAKON 32 — fix ima chain entry"],"datum":"2026-05-24","sto_je_napravljeno":{"1_atom_adresiran":"services/atom_adresiran.py — već postojao, potpuno implementiran (327 linija). Rust backend AKTIVAN (libgenesis_dna.so). ML-KEM-768 keygen/encap/decap 100% NIST L3.","2_model":"kanal/models.py — dodana 2 nova polja: atom_payload (JSONB nullable) i atom_adresiran (Boolean NOT NULL DEFAULT FALSE) + ix_kp_e2e index.","3_migracija":"ALTER TABLE kanal_poruka ADD COLUMN IF NOT EXISTS atom_payload JSONB; ALTER TABLE kanal_poruka ADD COLUMN IF NOT EXISTS atom_adresiran BOOLEAN NOT NULL DEFAULT FALSE; CREATE INDEX ix_kp_e2e.","4_router":"kanal/router.py — dodano: (a) Redis import + redis_client na razini modula (fix otprije postojećeg buga — redis_client se koristio, ali nije bio definiran), (b) PorukaE2ERequest schema, (c) PorukaE2EOut schema, (d) _redis_publish_e2e helper, (e) posalji_e2e_poruku endpoint, (f) dohvati_e2e_poruke endpoint.","5_bugfix":"kanal/router.py linija 1165: pathlib.Path() → Path() (pathlib nije bio importiran na toj poziciji — otprije postojeći bug koji je sprječavao učitavanje kanal routera!)"},"novi_endpointi":["POST /api/v4/kanal/e2e/poruka/ — šalje E2E enkriptiranu poruku (Opcija A: server enkriptira plaintext; Opcija B: klijent šalje gotov AtomPayload)","GET  /api/v4/kanal/e2e/soba/{ref_id}/ — dohvaća E2E poruke sobe; klijent dekriptira lokalno s Kyber dk"],"kriptografski_stack":{"kem":"ML-KEM-768 (NIST FIPS 203, Razina 3) via libgenesis_dna.so (Rust)","aead":"AES-GCM-256 via Python cryptography (FIPS 140-3)","hash":"SHA3-256 via hashlib (krunica_hash, ZAKON 43)","rust_backend":true,"ek_size":"1184 B","dk_size":"64 B (seed; prošireni dk prema FIPS 203 ima 2400 B)","ct_kem_size":"1088 B","ss_size":"32 B"},"roundtrip_test":{"keygen":"OK","enkriptiraj_2_clana":"OK","ivan_dekriptira":"OK — plaintext match","marija_dekriptira":"OK — plaintext match","netko_treci_blokiran":"OK — PermissionError","integritet_provjera":"OK — krunica_hash valjan"},"baza":{"host":"localhost:5432","baza":"fenix_v4_dev","tablica":"kanal_poruka","nova_polja":["atom_payload JSONB","atom_adresiran BOOLEAN NOT NULL DEFAULT FALSE"],"novi_index":"ix_kp_e2e ON kanal_poruka (atom_adresiran, ref_id)"},"servis":{"naziv":"gunicorn-fenix-v4.service","status":"active (running)","startup":"GenesisKanal: aktivan","e2e_routes_ok":true},"napomena":"plaintext NIKAD ne ulazi u bazu — polje sadrzaj uvijek je '[E2E enkriptirano]'. Go hub i svi posrednici vide samo enkriptirani AtomPayload. Klijent dekriptira lokalno s dk_bytes (Kyber private key seed). Ograničenje: u Opciji A server prima plaintext i sam ga enkriptira, pa zaštita kraj-do-kraja prema samom serveru vrijedi samo u Opciji B, gdje klijent šalje gotov AtomPayload.","faze":{"DONE":["services/atom_adresiran.py — ML-KEM-768 Rust backend","kanal/models.py — atom_payload + atom_adresiran polja","ALTER TABLE migracija","kanal/router.py — E2E endpointi","Redis PUBLISH za Go hub (genesis:kanal:e2e:{soba_id})","Bršljan replikacija (ZAKON 2)","Chain entry (ZAKON 32)"],"FUTURE":["KanalSoba.kyber_pk_mapa — pohrana Kyber EK po sudionicima u soba konfiguraciji","JavaScript port atom_adresiran.py za klijentsku dekripciju (WebAssembly ML-KEM-768)","KanalClan model — upravljanje članovima sobe s Kyber EK","Onboarding flow — generiranje Kyber par ključeva za novog člana (atom_keygen)"]}}}