What is the purpose of an Identity having two public keys?
leblowl opened this issue
At least with the default publickey provider, it looks like an Identity consists of two key pairs, where the public parts of those keys make up the `id` and `publicKey` fields. The private keys of those two sign each other's public key, tying them together, so that `id` can be used for access control.
orbitdb/src/identities/identities.js
Lines 83 to 91 in 9b8bcb7
What benefit does this approach provide? Why not just use publicKey? Thanks!
By having a root or parent key, we can derive child keys from that parent and grant access per db. We grant access to the “root key” which can sign “child keys” and then those “child keys” can write to the db. So whether different dbs are written to by different child keys doesn’t make a difference. The root key is like a “user” and the child keys are “devices”.
Marking as answered. If you would like to discuss this concept further with the community, feel free to move the discussion to https://matrix.to/#/#orbitdb_Lobby:gitter.im.
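The root key and child key arrangement described in the answer above, as an added example that is not part of the original thread and is not OrbitDB's own code. It is a simplified model that assumes Ed25519 via Node's built-in `crypto`; the names `createIdentity`, `makeEntry` and `canWrite` are hypothetical.

```javascript
// Simplified model of a root ("user") key delegating to child ("device") keys.
// Ed25519 and all names here are assumptions for illustration, not OrbitDB's API.
const { generateKeyPairSync, sign, verify } = require('node:crypto');

const pem = (key) => key.export({ type: 'spki', format: 'pem' });

// Create a device identity: the root key signs the device public key, and the
// device key signs the root id, so each key vouches for the other.
function createIdentity(root) {
  const device = generateKeyPairSync('ed25519');
  const id = pem(root.publicKey);
  const publicKey = pem(device.publicKey);
  return {
    id,
    publicKey,
    signatures: {
      id: sign(null, Buffer.from(id), device.privateKey),
      publicKey: sign(null, Buffer.from(publicKey), root.privateKey),
    },
    signEntry: (payload) => sign(null, Buffer.from(payload), device.privateKey),
  };
}

// Package a payload with the device signature and the public identity fields.
function makeEntry(identity, payload) {
  const { id, publicKey, signatures } = identity;
  return { payload, sig: identity.signEntry(payload), identity: { id, publicKey, signatures } };
}

// A db's access list names root ids only. An entry is accepted when the root id
// is listed, both links between the keys verify, and the device key signed it.
function canWrite(acl, entry) {
  const { id, publicKey, signatures } = entry.identity;
  if (!acl.includes(id)) return false;
  try {
    return verify(null, Buffer.from(publicKey), id, signatures.publicKey) &&
      verify(null, Buffer.from(id), publicKey, signatures.id) &&
      verify(null, Buffer.from(entry.payload), publicKey, entry.sig);
  } catch {
    return false; // malformed key material
  }
}
```

Because the access list holds only the root `id`, a second device under the same root can write without the list changing, while a device key that the root never signed is rejected even if it claims that `id`.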