I just watched the talk from davos where the linkedup system was demoed by stanley and there was no password or login neccesary. Pretty cool stuff but I can’t find anything in the SDK docs about it. Would anybody care to elaborate how this identity system works and where it is stored?
Also given the huge amount of cryptographic knowledge on the team will there be some cool stuff with zero knowledge proofs in there where you can proof things about your identity without revealing it?
Just saw that there is some more information on this in the Hackin’ on the internet computer | ep.2 from Hans. Hope that there is more info coming soon!
Basically in the browser it uses window.localStorage.getItem("dfinity-ic-user-identity");
If there is no value, it will generate a keypair ed25519.
An example of value for the keypair is (string):
{"publicKey":{"type":"Buffer","data":[177,63,134,59,212,126,117,241,228,26,166,184,141,161,239,9,255,177,163,226,93,233,184,72,24,64,17,254,75,38,160,140]},"secretKey":{"type":"Buffer","data":[44,109,51,234,54,242,252,114,68,134,115,255,212,215,197,217,246,67,184,73,29,44,201,119,195,115,251,13,220,240,85,72,177,63,134,59,212,126,117,241,228,26,166,184,141,161,239,9,255,177,163,226,93,233,184,72,24,64,17,254,75,38,160,140]}}
You can make a new keypair using the function from ic:userlib makeKeyPair, generateKeyPair.
They serialize, deserialize respectively using JSON.parse JSON.stringify
In order to instantiate a new actor using js-user-library (using nodeJS or other) with a custom canisterId and custom keypair you can use this snippet:
// ../js-user-library can be replaced with $HOME/.cache/dfinity/versions/0.5.5/js-user-library
const { makeAuthTransform, makeKeyPair } = require("../js-user-library/src/auth");
const { makeNonceTransform } = require("../js-user-library/src/http_agent_transforms");
const { HttpAgent } = require("../js-user-library/src/http_agent");
const fetch = require("node-fetch");
const FTIDL = ({ IDL }) => {
return IDL.Service({
// the content of `canisters/{canisterName}/main.did.js`
helloWorld: IDL.Func([IDL.Nat32], [IDL.Bool], []),
});
};
// host http://localhost:8000 or DFINITY API
// canisterId is `ic:xxxxx`
// keyPair is the keypair object (JSON.parse(window.localStorage.getItem("dfinity-ic-user-identity")))
function getActor(host, canisterId, keyPair) {
const kp = makeKeyPair(keyPair.publicKey.data, keyPair.secretKey.data);
const httpAgent = new HttpAgent({ host: host, fetch: fetch });
httpAgent.addTransform(makeNonceTransform());
httpAgent.addTransform(makeAuthTransform(kp)); // here you could use another middleware that would sign the request, HSM integration for example, etc
const actor = httpAgent.makeActorFactory(FTIDL)({
canisterId: canisterId,
httpAgent: httpAgent
});
return actor;
}
That’s awesome thank you for the elaborate reply!
I have follow-up question. Using the dfx (v0.7.0-beta4) cli tool, I can create identity local to my machine
dfx identity new bob
This would create a .pem file holding a base64 encoded secretKey in ~/.config/dfx/identity/bob/identity.pem.
Question: How does this .pem file relate to the ED25519 key generated in browser? Can I import this .pem secretKey into browser and convert it into a Ed25519KeyIdentity, or vice versa?
For those following this thread: The follow-up question is discussed at How does user login to specific identity?