How does identity system work on dfinity

I just watched the talk from davos where the linkedup system was demoed by stanley and there was no password or login neccesary. Pretty cool stuff but I can’t find anything in the SDK docs about it. Would anybody care to elaborate how this identity system works and where it is stored?

Also given the huge amount of cryptographic knowledge on the team will there be some cool stuff with zero knowledge proofs in there where you can proof things about your identity without revealing it?

1 Like

Just saw that there is some more information on this in the Hackin’ on the internet computer | ep.2 from Hans. Hope that there is more info coming soon!

3 Likes

Basically in the browser it uses window.localStorage.getItem("dfinity-ic-user-identity");

If there is no value, it will generate a keypair ed25519.

An example of value for the keypair is (string):
{"publicKey":{"type":"Buffer","data":[177,63,134,59,212,126,117,241,228,26,166,184,141,161,239,9,255,177,163,226,93,233,184,72,24,64,17,254,75,38,160,140]},"secretKey":{"type":"Buffer","data":[44,109,51,234,54,242,252,114,68,134,115,255,212,215,197,217,246,67,184,73,29,44,201,119,195,115,251,13,220,240,85,72,177,63,134,59,212,126,117,241,228,26,166,184,141,161,239,9,255,177,163,226,93,233,184,72,24,64,17,254,75,38,160,140]}}

You can make a new keypair using the function from ic:userlib makeKeyPair, generateKeyPair.

They serialize, deserialize respectively using JSON.parse JSON.stringify


In order to instantiate a new actor using js-user-library (using nodeJS or other) with a custom canisterId and custom keypair you can use this snippet:

// ../js-user-library can be replaced with $HOME/.cache/dfinity/versions/0.5.5/js-user-library

const { makeAuthTransform, makeKeyPair } = require("../js-user-library/src/auth");
const { makeNonceTransform } = require("../js-user-library/src/http_agent_transforms");
const { HttpAgent } = require("../js-user-library/src/http_agent");
const fetch = require("node-fetch");

const FTIDL = ({ IDL }) => {
  return IDL.Service({
    // the content of `canisters/{canisterName}/main.did.js`
    helloWorld: IDL.Func([IDL.Nat32], [IDL.Bool], []),
  });
};

// host http://localhost:8000 or DFINITY API
// canisterId is `ic:xxxxx`
// keyPair is the keypair object (JSON.parse(window.localStorage.getItem("dfinity-ic-user-identity")))
function getActor(host, canisterId, keyPair) {
  const kp = makeKeyPair(keyPair.publicKey.data, keyPair.secretKey.data);
  const httpAgent = new HttpAgent({ host: host, fetch: fetch });
  httpAgent.addTransform(makeNonceTransform());
  httpAgent.addTransform(makeAuthTransform(kp)); // here you could use another middleware that would sign the request, HSM integration for example, etc
  const actor = httpAgent.makeActorFactory(FTIDL)({
    canisterId: canisterId,
    httpAgent: httpAgent
  });
  return actor;
}
6 Likes

That’s awesome thank you for the elaborate reply!

1 Like

I have follow-up question. Using the dfx (v0.7.0-beta4) cli tool, I can create identity local to my machine

dfx identity new bob

This would create a .pem file holding a base64 encoded secretKey in ~/.config/dfx/identity/bob/identity.pem.

Question: How does this .pem file relate to the ED25519 key generated in browser? Can I import this .pem secretKey into browser and convert it into a Ed25519KeyIdentity, or vice versa?

3 Likes

For those following this thread: The follow-up question is discussed at How does user login to specific identity?

2 Likes