orbitdb / orbitdb

Peer-to-Peer Databases for the Decentralized Web

What is the purpose of an Identity having two public keys?

leblowl opened this issue · comments

At least with the default publickey provider, it looks like an Identity consists of two key pairs, where the public parts of those keys make up the id and publicKey fields. The private keys of those two sign each other's public key, tying them together, so that id can be used for access control.

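```javascript
// The id comes from the identity provider
const id = await identityProvider.getId(options)
// Key pair held in the keystore under that id (created on first use)
const privateKey = await keystore.getKey(id) || await keystore.createKey(id)
const publicKey = keystore.getPublic(privateKey)
// The keystore key signs the id
const idSignature = await signMessage(privateKey, id)
// The identity provider signs publicKey + idSignature
const publicKeyAndIdSignature = await identityProvider.signIdentity(publicKey + idSignature, options)
const signatures = {
  id: idSignature,
  publicKey: publicKeyAndIdSignature
}
```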

What benefit does this approach provide? Why not just use publicKey? Thanks!

By having a root or parent key, we can derive child keys from that parent and grant access per db. We grant access to the “root key” which can sign “child keys” and then those “child keys” can write to the db. So whether different dbs are written to by different child keys doesn’t make a difference. The root key is like a “user” and the child keys are “devices”.

Marking as answered. If you would like to discuss this concept further with the community, feel free to move the discussion to https://matrix.to/#/#orbitdb_Lobby:gitter.im.
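
The relationship discussed in this thread, as an added example that is not OrbitDB's code: one root key whose public part is the id authorizes several device keys, and a verifier that grants access by root id checks both signatures before accepting a writer. The helper names `createIdentity` and `canWrite`, the hex key encoding, and Ed25519 from Node's `crypto` (standing in for the keystore's key type) are assumptions of this example.

```javascript
// Added example; helper names and Ed25519 are assumptions, not OrbitDB's API.
const { generateKeyPairSync, sign, verify, createPublicKey } = require('node:crypto')

const toHex = (key) => key.export({ type: 'spki', format: 'der' }).toString('hex')
const fromHex = (hex) => createPublicKey({ key: Buffer.from(hex, 'hex'), format: 'der', type: 'spki' })
const signHex = (privateKey, msg) => sign(null, Buffer.from(msg), privateKey).toString('hex')
const verifyHex = (pubHex, msg, sigHex) => {
  try {
    return verify(null, Buffer.from(msg), fromHex(pubHex), Buffer.from(sigHex, 'hex'))
  } catch {
    return false // malformed key or signature
  }
}

// Same order as the snippet in the question: the device key signs the id,
// then the root key signs publicKey + idSignature.
function createIdentity (root, device) {
  const id = toHex(root.publicKey)
  const publicKey = toHex(device.publicKey)
  const idSignature = signHex(device.privateKey, id)
  const publicKeyAndIdSignature = signHex(root.privateKey, publicKey + idSignature)
  return { id, publicKey, signatures: { id: idSignature, publicKey: publicKeyAndIdSignature } }
}

// Verifier side: the access list names root ids only, never device keys.
function canWrite (identity, accessList) {
  const { id, publicKey, signatures } = identity
  return accessList.includes(id) &&
    verifyHex(publicKey, id, signatures.id) && // device key vouches for the id
    verifyHex(id, publicKey + signatures.id, signatures.publicKey) // root vouches for the device
}

function demo () {
  const [root, laptop, phone, outsider] = [1, 2, 3, 4].map(() => generateKeyPairSync('ed25519'))
  const acl = [toHex(root.publicKey)] // one entry covers every device of this user
  const onLaptop = createIdentity(root, laptop)
  // Claims the root id, but every signature is made with the outsider's own key
  const forged = createIdentity({ publicKey: root.publicKey, privateKey: outsider.privateKey }, outsider)
  // A valid identity with the device key replaced and no fresh root signature
  const swapped = { ...onLaptop, publicKey: toHex(outsider.publicKey) }
  return {
    laptop: canWrite(onLaptop, acl),
    phone: canWrite(createIdentity(root, phone), acl),
    forged: canWrite(forged, acl),
    swapped: canWrite(swapped, acl)
  }
}

console.log(demo())
```

The forged identity passes the first check, since its own key really did sign the id, and is rejected only by the root signature over `publicKey + idSignature`; that second signature is what ties a device key to the id named in the access list.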