Tutorial

Using a Key Store

A Findora key pair consists of a private key and a public key. The private key must remain secret, while the public key can be safely shared with other users. Users rely on key pairs to interact with the Findora network. For instance, users can use their private key to sign operations to define, issue, or transfer assets. Users can also use their private keys to access assets that have been sent to them.

Findora's JavaScript library exposes a key store object that makes it easy for users to manage their keys. To keep private keys secure, the key store is encrypted under a user-provided password.

Create a new key store:

console.log('Creating key store...');
// Demo password only; a real application should prompt the user instead of hard-coding it.
const PASSWORD = 'findorarocks123';
const keyStore = new KeyStore.KeyStore(PASSWORD);

The key store contains an encrypted seed that deterministically generates new key pairs. Because key generation is deterministic, the key store only needs to encrypt one element of data, the seed!

The seed is encrypted under a master key (PBKDF2 key) derived from the user-provided password. Because generating the master key is expensive, the key store exposes a utility for deriving it. Applications can derive the master key once on load and cache it for the duration of their lifetime. Because the cached master key can decrypt the seed, it should be treated as a secret as sensitive as the password.

Deriving the master key:

console.log('Caching master key...');
const masterKey = keyStore.genMasterKey(PASSWORD);

Let's create some key pairs now! Notice that the function to generate a key pair takes a name argument. This name argument is combined with the seed to deterministically generate a key pair.

console.log('Generating key pairs...');
const aliceKey1 = keyStore.genKeyPair(masterKey, 'Alice');
const aliceKey2 = keyStore.genKeyPair(masterKey, 'Alice2');
const aliceKey3 = keyStore.genKeyPair(masterKey, 'Alice3');

It is convenient for users to be able to access their public keys. The key store can cache and list public keys. Because public keys do not need to be kept secret, they are stored in the clear.

keyStore.addPublicKey(masterKey, 'Alice');
keyStore.addPublicKey(masterKey, 'Alice2');
keyStore.addPublicKey(masterKey, 'Alice3');
const keys = keyStore.getPublicKeys();
console.log(`Alice's public keys:\n ${keys}`);

Key stores can also be serialized to a string and deserialized.

console.log('Serializing key store...');
const serializedKeyStore = keyStore.serialize();
console.log(`Serialized key store: \n ${serializedKeyStore}`);
console.log('Deserializing key store...');
const deserializedKeyStore = KeyStore.KeyStore.deserialize(serializedKeyStore);
console.log('Key store deserialized!');

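Users can back up their key stores by fetching the seed and storing it in a safe place. If a user loses their key store file, they can reload it from the saved seed. Because the seed deterministically regenerates every key pair, a backed-up seed needs the same protection as the private keys themselves.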

const SEED = keyStore.getSeed(masterKey);
console.log('Loading key store from seed...');
const fromSeed = KeyStore.KeyStore.fromSeed(SEED, PASSWORD);
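
The design described above (one seed encrypted under a PBKDF2-derived master key, key material derived from the seed plus a name, and recovery from a backed-up seed) can be sketched with Node's built-in crypto module. This is an added example, not Findora's code: AES-256-GCM, HMAC-SHA256, the iteration count, the passwords and all function names are assumptions chosen for illustration.

```javascript
const crypto = require('node:crypto');

// Assumed parameter for this sketch; Findora's real values are not given on the page.
const PBKDF2_ITERATIONS = 210000;

// Expensive step: stretch the password into a 32-byte master key (derive once, then cache).
function deriveMasterKey(password, salt) {
  return crypto.pbkdf2Sync(password, salt, PBKDF2_ITERATIONS, 32, 'sha256');
}

// The only secret at rest is the seed, sealed with AES-256-GCM under the master key.
function sealSeed(seed, password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveMasterKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(seed), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

// Throws if the master key is wrong or the stored blob was modified (GCM tag mismatch).
function openSeed(store, masterKey) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', masterKey, store.iv);
  decipher.setAuthTag(store.tag);
  return Buffer.concat([decipher.update(store.ct), decipher.final()]);
}

// Deterministic per-name secret: the same seed and name always give the same key material.
function deriveNamedSecret(seed, name) {
  return crypto.createHmac('sha256', seed).update(name, 'utf8').digest('hex');
}

// Constructed demo: create a store, back up the seed, restore it under a new password.
function demo() {
  const seed = crypto.randomBytes(32);
  const store = sealSeed(seed, 'old-password'); // constructed password
  const masterKey = deriveMasterKey('old-password', store.salt);
  const before = deriveNamedSecret(openSeed(store, masterKey), 'Alice');

  const restored = sealSeed(seed, 'new-password'); // restore from the backed-up seed
  const restoredKey = deriveMasterKey('new-password', restored.salt);
  const after = deriveNamedSecret(openSeed(restored, restoredKey), 'Alice');

  let wrongPasswordRejected = false;
  try { openSeed(store, deriveMasterKey('guess', store.salt)); }
  catch (e) { wrongPasswordRejected = true; }

  const distinctNames = before !== deriveNamedSecret(seed, 'Alice2');
  return { sameAfterRestore: before === after, distinctNames, wrongPasswordRejected };
}
```

The password only protects the stored copy of the seed, so restoring the same seed under a different password reproduces the same named keys.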