Public Key Cryptography - Signing

Public key cryptography is solid, mature, and well-documented. This project uses standard open-source implementations and formats.
A cryptographic identity consists of a public/private key pair.
- The public key is shared openly, like a username.
- The private key is kept secret, like a password.
The key holder can "sign" data using his private key.
That signature can be verified by anyone with the signer’s public key, ensuring:
- the data was genuinely signed by the holder of the corresponding private key.
- the signed data has not been modified.
No usernames or passwords are required — signed data is its own proof.

Strong cryptography is hard to defeat (that's why Bitcoin works).

("Liberating Trust", when I'm feelin' melodramatic ;)
(Unlike cryptography, the Internet liberated spam and misinformation, when I'm feeling realistic.)

Demo: Signature Verification

Click the right arrow to verify the signature
Go back, change or remove any part of this (public key, content, signature), and verify again; the signature will be detected as INVALID.

Who said that?

Unless we know who's key that is, the whole thing is vapid. (A robot can sign, but a robot can't get me to vouch for its humanity;)

Cryptographic Keys are Cryptic

Unlike the usernames and passwords were used to, public/private cryptographic key pair are long and cryptic and can't practically be spoken or memorized. This is why we use QR codes (or occasionally copy/paste) to communicate them.

Sample public key

QR code allows us to communicate public keys using our phones.
JSON format is used when computers communicate with each other.

{

"crv": "Ed25519",

"kty": "OKP",

"x": "rHT5B3q3rBCtNUaSBwT7DxT2Y0Q6fgvmhNKbVhJ_BtQ"

}

Sample public/private key pair

(We don't scan each other's private keys)

{

"crv": "Ed25519",

"kty": "OKP",

"x": "rHT5B3q3rBCtNUaSBwT7DxT2Y0Q6fgvmhNKbVhJ_BtQ",

"d": "_MaCrtWx2jHTOrujWXVeihaBBJHF09QUxzwnk6GGiEQ"

}

Cryptographic Key Pairs come in Pairs

Lose your private key and your public key is abandoned. You'll have to get a new pair, can't just replace the private key.

Our use

Identity Layer: Your public key is your identity; you vouch for another's humanity and identity by signing a statements that include their public key (which is their identity).
Delegate Keys: You create and give other services disposable public/private key pairs and use your private identity key to sign statements stating that these key pairs represent you on those services.