Problem: I forgot to push some files
Problem: There is no way to register PK <-> user
Problem: README.md is outdated
A DID-inspired implementation of authentication and fact verification, supporting KDF-based self-soverign identities.
PKC
record is "Public Key Cryptography". It's just for signing. It holds some relevant functions, including KDF.DoAuth.Crypto
exports functions with libsodium backend under short, convenient names, including kdf
.
deriveKeypair
function with moderate parameters.deriveKeypair
can be found here (NB! it uses unsafe parameters).rekdf
function. It requires slip and is pure.Implementation notes:
For debugging and forwards-compatibility purposes it's good to have a wrapper over KDF wrapper, allowing us to parametrise cryptography used and substitute the cryptographic solution with debugging solution that merely tags plaintext. To achieve that, in @DoAuth.Crypto@ module, we're having all the functions that execute DoAuth protocol take CryptoConf as the first argument. Versions that are specifed to use libsodium via haskell-crypto are then exported separately, also plaintext-preserving debug versions of every function is exported separately.
Now let's consider the cryptographic part of the protocol:
Since the communication is assumed to be done over an encrypted channel and public[1] claims
See VC Model to see where we drew inspiration from for this part.
Not implemented.
Identity tracker is just a specification of Claims that establish mapping between names to public keys as attested by VC.
Uses Data registry server, not implemented.
Not implemented.
1: "public" here means "everyone who has access to Documents also have access to each Claim within the document". For instance, in a centralised setup, only the data registry itself will have access to Claims. 2: This is a poor person's JWT. The client can store fact about their PK signed by a service provider and then send it to the service or to another service to get authorised.