Question about NNS App & Internet Identity

Hey, I have the following question related to NNS app & Internet Identity (II) -

Since new private & public keys are generated for every device that I link with my II anchor, I am facing problems in understanding which public key is used for generating the Main account address of NNS app. If I am not wrong, the public key of the first device linked should be used for generating Main account’s address. If this is correct then, assuming that I have linked several devices to my anchor after its creation, which public key is chosen for subsequent account creation?

It’s possible that I am missing some link!

Thanks!

Hey @jmall18

The device private keys are only used by WebAuthn to authenticate the user’s relationship to their II anchor. The II canister has its own private key associated with that anchor that is accepted by the Ledger and Governance canisters as the controlling key for the account and neurons (and whose principal is shown on the Neurons page).

So the main account’s address is created independently of the device keys, and adding another device will not create another account.

1 Like

Hey @CarstenJ thanks for your response!

If the private keys are stored on II, isn’t possible for node operators to read canister module’s memory? Let me know, if I am missing something!