Configuring public keys validation
When a user fetches public keys from the DataPeps service, the keys are validated as described here. The client can configure the security model used for public key validation.
In particular, the client can change the public key trust policy (TOFU by default) and the organization of the local key cache (an in-memory cache by default).
In DataPeps each identity has a chain of public keys associated with it. When an identity is created, its chain holds a single key. When the identity renews its keys, the new public key is appended to the chain, so every key in the chain has a version, starting from one. Every key except the first is signed by the previous key, so the keys form a chain of trust.
To validate a fetched public key, the client traverses the chain of trust and verifies the signatures. The trust policy that the client can configure defines how the key with version one is validated.
By default the DataPeps SDK uses the TOFU (trust on first use) security model for public key validation. The client stores all received public keys in a local in-memory key cache. If the requested key is already in the cache, the client uses it directly; otherwise it fetches the key from the server. If a previous version of the key is in the cache, the client validates the signatures in the chain of trust down to that version. If no version of the key has been seen before, the client adds it to the cache without further verification (it trusts the key on first use).
The client can define a custom trust policy that determines how to treat a key when no previous version of it is present in the local key cache. For example, the client can use a side channel to verify such a key. See the example that demonstrates how a trust policy is configured.
The client can also define a custom key cache that controls how public keys are stored and fetched locally.
Trust policy configuration — configuring a custom trust policy that uses a two-channel authentication method to validate received public keys.