Identity
Calimero Decentralized Identity
Calimero's decentralized identity framework is designed to provide secure, anonymous, and decentralized control across the network. It leverages multiple types of cryptographic keys to manage identities and ensure the integrity of operations within the network.
Network identity
Network identity is defined within the configuration file on each node. This identity is derived from network keys, which generate a unique Peer ID for each node, allowing peers to identify themselves to other peers in the network.
Network Keys
Network keys are used to authenticate nodes within the network, with each node having a unique private-public key pair that it uses to verify its identity to other nodes. During connection setup, nodes exchange public keys to ensure they are communicating with the intended parties. More in Network.
Context identity
Context identity allows users to identify themselves within a specific context. Users can have an arbitrary number of identities within a specific context, and these identities remain encapsulated within that context. Each context identity is linked to exactly one runtime key.
Decentralized Identity (DID) document
All context-specific identities and node keys are managed through a Decentralized Identity (DID) document stored on the node. This document includes:
Calimero's key management utilizes multiple keys for various purposes, ensuring secure, anonymous, and decentralized control across the network. This structure underpins secure and efficient operations within the Calimero Network, facilitating both node and application functionalities.
Root keys
Root keys provide full access for node operations, including managing root keys, listing identifiers, and generating new client keys. Web3 wallets can serve as the basis for root keys, simplifying the setup process.
Client keys
Client keys are generated on login and used by the frontend. Stored in browser local storage, these keys initiate applications and serve as permissioned access to the node.
Client Key Usage:
- Key Creation: Users generate a new keypair in their browser.
- Verification:
  - A Verifiable Presentation Request is sent to the node, which responds with a challenge.
  - The challenge and public key are signed using the root key.
  - Upon node verification of the request and signature, the new key is cleared for JSON-RPC API communication from the browser to the node.
Calimero's TypeScript SDK supports developers in building browser and CLI applications by simplifying interaction with the network.
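The client key verification steps above, as an added Node.js example that is not Calimero's SDK or node code. It assumes Ed25519 keys and a hypothetical signed-message layout; `NodeVerifier`, `signedMessage`, the 60-second challenge lifetime and the sample keys are all constructed for illustration. It goes slightly beyond the listed steps by making each challenge single-use and time-limited, so a captured signature cannot be replayed or reused for a different key.

```javascript
// Added illustration, not Calimero SDK or node code. Assumed: Ed25519 keys,
// a random hex challenge, and the message layout in signedMessage().
const crypto = require("node:crypto");
// Bytes covered by the root-key signature: domain tag, challenge, client key.
function signedMessage(challenge, clientPubHex) {
  return Buffer.from(`client-key-approval:${challenge}:${clientPubHex}`);
}
const publicHex = (key) => key.export({ type: "spki", format: "der" }).toString("hex");

// Node side: issues single-use challenges and records approved client keys.
class NodeVerifier {
  constructor(rootPublicKey, ttlMs = 60000) {
    this.rootPublicKey = rootPublicKey;
    this.ttlMs = ttlMs;
    this.pending = new Map(); // challenge -> expiry time (ms)
    this.approved = new Set(); // client public keys cleared for API use
  }
  issueChallenge(now = Date.now()) {
    const challenge = crypto.randomBytes(32).toString("hex");
    this.pending.set(challenge, now + this.ttlMs);
    return challenge;
  }
  approve(challenge, clientPubHex, signature, now = Date.now()) {
    const expiry = this.pending.get(challenge);
    this.pending.delete(challenge); // consumed on every attempt: no replay
    if (expiry === undefined || now > expiry) return false;
    const msg = signedMessage(challenge, clientPubHex);
    if (!crypto.verify(null, msg, this.rootPublicKey, signature)) return false;
    this.approved.add(clientPubHex);
    return true;
  }
}

// Constructed run: one valid approval, then three requests that must fail.
function demo() {
  const root = crypto.generateKeyPairSync("ed25519");
  const node = new NodeVerifier(root.publicKey);
  const client = publicHex(crypto.generateKeyPairSync("ed25519").publicKey);
  const other = publicHex(crypto.generateKeyPairSync("ed25519").publicKey);
  const sign = (c, k) => crypto.sign(null, signedMessage(c, k), root.privateKey);
  const c1 = node.issueChallenge();
  const sig1 = sign(c1, client);
  const accepted = node.approve(c1, client, sig1);
  const replayed = node.approve(c1, client, sig1); // same challenge again
  const mismatched = node.approve(node.issueChallenge(), other, sig1);
  const c2 = node.issueChallenge(0); // issued at t=0, expired long ago
  const expired = node.approve(c2, client, sign(c2, client));
  return { accepted, replayed, mismatched, expired, approved: node.approved.size };
}
```

Because the signature covers both the challenge and the client public key, the node rejects a valid signature presented with a different key or a different challenge.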
Runtime keys
Runtime keys are used for signing transactions within a context, with the appropriate key selected based on the context identity.
Encryption keys
Encryption keys are used to encrypt and decrypt messages between peers in the context. Each context has its own encryption key. More in Encryption.