Do not use the Shared Key auth model for public applications.

Shared key is not suitable for apps deployed to the public app store, because the key could be reverse-engineered. Shared key is designed for enterprise applications run on centrally managed devices that do not connect to the Internet.

If you need to synchronize data over the Internet with the Big Peer or deploy to the app store, use 

Ditto offers an intermediate level of security for applications where all users and devices are trusted. For example, this could be appropriate for an enterprise application run on centrally managed devices. In this mode, every device knows the same secret key, and uses this to validate incoming connections. The benefit of this approach is that distinct certificates do not have to be distributed to every device, simplifying the deployment. However, the downside is that devices will always have access to data. A compromised device can read and re-distribute the key, and there is no method to unauthorize that key in the future.

 identity type. The secret key must be provided as a string when initializing the 

 on each peer. This key should be securely and randomly generated and Ditto expects it to be in a particular format.

The recommended way to generate a shared key is to download Ditto's open-source, cross-platform utility 

, which provides an easy command to generate new shared keys from a terminal or command prompt:

Alternatively, if you have a Linux machine running an up-to-date version of OpenSSL then you can use the following command. At time of writing this will not work on Macs.

The SharedKey identity requires an offline-only license token, which can be requested by contacting 

Communication is encrypted using TLS 1.3 and peer identities are verified using certificates. This is the same state-of-the-art technology used in web browsers. It applies to every communication mode from Bluetooth to WiFi.

Each device issues a self-signed TLS certificate using the supplied private key. Peers then only trust peers whose certificates are signed by the same key. In other words, Shared Key uses regular TLS security, except everybody is the CA.

Authentication

Shared Key

linux_aarm_supported_version

android_supported_version

ipados_supported_version

ios_supported_version

windows_x64_supported_version

mac_supported_version

linux_x64_supported_version

End-User Access

ditto

Where you get expert information for building cloud‑optional apps using Ditto.

SDK v4.6

Welcome to Ditto Docs - V4.6

Sync Credentials

Swift

Kotlin

JavaScript | Web

Node.js

React Native

Java

Rust

Install Guides

'Hello World' Sync

Get Started

About Ditto

Mesh Networking 101

Data Handling Essentials

Basic Concepts

Fields

Collections

Identifiers

Relationships

REGISTER

ATTACHMENT

Data Types (cloned)

Document Model

CREATE

READ

UPDATE

DELETE

CRUD Operations

Starting and Stopping Sync

Managing Sync Subscriptions

Customizing Transport Configurations

Creating Sync Groups

Transports Overview

Small Peer Presence

Consistency Models

Certificate-Based Security

Security

API Reference

JavaScript Web | Node.js | React Native

Java - Android

Directory of Compatibility Maps

SDK Size by Language

JavaScript Web

Java - Andorid

Compatibility Maps

Directory of Release Notes

JavaScript | Web and Node.js

Release Notes

Legacy-to-DQL Reference

Legacy-to-DQL Adoption Guide

Query Syntax (Legacy)

Documents and IDs (Legacy)

Legacy