This guide complements your understanding of our API endpoints by delving into key generation, signing, and encryption. These steps are crucial for securing your data tokens when using zkPass.
Key Pair Generation
This pair consists of two keys: a public key and a private key. Think of them like a lock and key combination.
Public Key: This key is freely shared and used to verify the authenticity of your signed data tokens.
Private Key: Keep this key safe! It's used for signing and decrypting your data tokens.
Signing for Trust: Securing Your Data Tokens
Signing your data tokens adds a digital signature using your private key. This signature acts like a tamper-proof seal, ensuring anyone receiving the token can confirm it hasn't been altered.
Encryption for Privacy: Keeping Your Data Confidential
Encryption takes your data tokens and scrambles them using your private key. This makes the data unreadable by anyone who doesn't possess the corresponding public key (which you wouldn't share).
Generate Key Pair
Overview
We are using elliptic curve cryptography (ECC) for our encryption. The key pair should be generated on the P-256 curve. Ensure the generated key pair is in PEM format.
The public key should be encoded in SPKI format, and the private key should be encoded in PKCS#8 format.
Public Key Format
PEM format
SPKI encoding
Private Key Format
PEM format
PKCS#8 encoding
Example Implementation
Here's an example of generating a key pair in TypeScript.
Output Example
After this section you should have a key pair consisting of:
publicKeyJWKS
privateKey
Ideally, the issuer & verifier should have different key pairs.
Make sure you have both of them before proceeding to the next section.
Here's an example of publicKeyJWKS and privateKey.
zkPass enhances the security of your data during transport by encrypting it before sending it over the network. There are only two entities that can access the data: the holder and the zkPass host running in a Trusted Execution Environment (TEE).
We need to sign the User Data and the Data Verification Request (DVR) before sending a request to the zkPass service. This ensures that the payload is not tampered with during transport.
Example Implementation
JWKS
The JSON Web Key Set (JWKS) is a set of keys containing the public keys used to verify any JSON Web Token (JWT) issued and signed by the Authorization Server. You can find a complete definition of JWKS here.
Upload your publicKeyJWKS so that it's accessible from the internet. This will be used by the zkPass service to verify the validity of the user data.
A JSON Web Signature (abbreviated JWS) is an IETF-proposed standard (RFC 7515) for signing arbitrary data. This is used as the basis for a variety of web-based technologies including JSON Web Token. You can find a complete definition of JWS here.
This is example code showing how to sign a JSON object in JWS format in TypeScript. Let's say you uploaded your publicKeyJWKS to https://mywebsite/my-keys.json