Key Management

Overview of how private and public keys are managed in the UI

Private & Public Key Overview

ConsenSource uses public-key cryptography. Public keys are stored on-chain, where every node in the network can read them; a user's private key is stored off-chain, in encrypted form.

Whenever a user creates a transaction, the contents of the payload are serialized, signed with the user's private key, and the signature is submitted with the transaction. Anyone holding the user's public key can later verify that signature (a signature is verified, not decrypted), which proves both that the payload has not been altered since it was signed and that the holder of the corresponding private key created the transaction.

Private and public keys in ConsenSource are ECDSA keys on the secp256k1 curve, generated with the sawtooth-signing library. Before a private key is stored in the database it is encrypted with the SJCL (Stanford JavaScript Crypto Library) encryption library.

Key Management

Browser Storage

Browser storage is used as a temporary store for the user's public and private keys. Both stores are readable by any script running in the page's origin, so a cross-site scripting flaw in the UI would expose their contents, including the decrypted private key in session storage; session storage is cleared when the tab is closed, while local storage persists until it is removed.

Local Storage:

  • Stores a User object containing the following fields
    • username, public_key, name, email, encrypted_private_key

Session Storage:

  • Stores the decrypted private key

User Creation

When a user fills out the Sign Up form, a User object is created to hold the hashed password and the encrypted private key, together with a corresponding Agent. The Agent is stored on-chain; the User is stored off-chain, in the database.

The User is fetched from the database when signing in to ConsenSource. The User object is then saved to local storage, and the decrypted private key is saved to session storage.

The diagram below goes into more detail on the user creation process.

User creation workflow in ConsenSource

Additional Sawtooth Docs

Last modified April 14, 2020: Additional UI docs (9651d07)