Skip to content

Latest commit

 

History

History
98 lines (69 loc) · 11.4 KB

1. Create your DID.md

File metadata and controls

98 lines (69 loc) · 11.4 KB
Raw

What is an identity file

cyfs://o/$owner_id/$obj_id

Let's continue the CYFS Object URL creation journey.
A valid identity can be expressed by $owner_id, which can be logically considered as a public key hash. NamedObject, this kind of NamedObject we call "entitled object". It's a little early to go into detail about NamedObjects, but we just know that both OOD and CYFS browsers need a valid identity (DevcieObject) to be recognized in the CYFS Network.

XXXObject in CYFS are NamedObject, NamedObject is a common trusted structured data. Each NamedObject has a unique object Id (ObjectId), and we use ObjectId to distinguish each object. This ObjectId is obtained by doing a Hash calculation on the Desc part. If the Desc part has changed, then the ObjectId has also changed.

This structure is simplified as follows. people-object The owner field of the DeviceObject refers to the PeopleObject in the same way as the PeopeObjectId, so whoever has the private key corresponding to the public key in the PeopleObject is the owner of the device. We will store the device's own private key in the device's storage. This actually constitutes a two-level certificate structure, and most data can be proven to be "created by my device" as long as it is signed by the DeviceObject, which is usually automated. Data with a higher level of security (e.g., TX for transfers) requires the PeopleObject's private key for signing, which is usually non-automated and requires interactive confirmation by the private key holder.

Therefore, before using the CYFS system, you must bind a DeviceObject to the OOD and the CYFS browser, and the Owner of the DevceObject points to a PeopleObject, which is similar to the developer ID book in many systems. CYFS://o/$owner_id/$obj_id in $owner_id, which is the PeopleObject Id, can be created directly locally based on cryptographic tools.

Create identity using CYFS TOOL

This binding method requires only one PC to complete.

After activation using this method, the helper word will be printed in the console. Please record the helper word and keep it in a safe place. You can later use the helper word to restore the identity in Super Send and continue to use Super Send to manage the identity and the activated devices.

To install cyfs-tool.
Use the command line npm i -g cyfs-tool to install the beta version of the cyfs-tool tool

If you want to install the nightly version line of cyfs-tool, you need to execute the command npm i -g cyfs-tool-nightly. Note that the version line of cyfs-tool must match the version line of the ood/runtime you want to operate on. Using a mismatched version can lead to all sorts of unanticipated errors

Use the CYFS TOOL command directly to bind a locally installed OOD or runtime

  1. Bind OOD

    After installing OOD, make sure the ood-daemon process is running. Execute the cyfs desc -a command, which will automatically check if there are inactive OODs and runtimes on the local machine, and if so, automatically create an identity and activate it.

    This command will output a set of 12 words in the console, please record the helper words and keep them safe.

  2. Bind runtime

    Install CYFS browser first and start it. Make sure the sweep activation page is displayed on the browser

    Execute the command cyfs desc -a -m "mnemonic phrase" --only-runtime, here the -m parameter must be entered in the previous step, the mnemonic phrase output when binding OOD, the phrase must be enclosed in double quotes. After execution, the browser should automatically go to the home page

Generate identities for subsequent manual binding of OOD and Runtime

  1. Generate sets of identities

    Use the command cyfs desc -s <save_path> to generate the matching identity file and save it in the save_path directory. If save_path is not specified, the default is ~/.cyfs_profile

    The generated <save_path>/people.desc and <save_path>/people.sec files are the key pairs of your own identity, please save them properly and do not delete them

    This command will output a set of 12 words of helper words in the console, please record the helper words and keep them in a safe place.

  2. Bind OOD

    After identity generation, copy <save_path>/ood.desc and <save_path>/ood.sec to ${cyfs_root}/etc/desc on the OOD machine and rename them to device.desc and device.sec.

  3. Bind CYFS browser

    After identity generation, copy <save_path>/runtime.desc and <save_path>/runtime.sec to ${cyfs_runtime_root}/etc/desc on the CYFS browser machine, and rename them to device.desc and device.sec

${cyfs_root} specific path.

  • Windows: c:\cyfs
  • MacOS: ~/Library/cyfs
  • Other systems: /cyfs

${cyfs_runtime_root} Specific path.

  • Windows: %appdata%/cyfs
  • Mac OS: ~/Library/Application Support/cyfs

Identity, Zone, OOD and MetaChain

Binding a PeopleObject to an OOD DeviceObject is a key operation for users to enter the CYFS Network, and this operation writes the association to the blockchain. Addressing is an important infrastructure in a decentralized system and is used in many underlying modules. A trusted PeopleObjectId, which can be queried to get a verifiable (with corresponding People Private Key signature) profile, is the basic Zone addressing in CYFS.

CYFS defines that all devices owned by a user constitute a logical Zone, which can be referred to by the user's PeoopleId. In a configuration object called ZoneConfig, this object is always saved on the blockchain. At its simplest, a ZoneConfig is a DeviceObject that records the OODs within a Zone. thus, the CYFS Network is a decentralized, large-scale network consisting of multiple centralized, small-scale Zones. This design protects the rights of users by decentralization, and also improves the execution efficiency and reduces the operation cost of Services on CYFS Network using traditional centralization techniques.

Addressing information needs reliable and consistent KV storage. dHT was once a widely used decentralized KV preservation technology, but the addressing system implemented based on dHT proved to have many unsolvable problems in terms of consistency and reliability. The KV storage system based on blockchain technology is perfect both in consistency and reliability, the only drawback is the poor write performance as well as the high write cost. CYFS only has to be on the chain when ZoneConfig is changed, which for most people is a matter of a few times a year at most, and the drawbacks of blockchain are perfectly acceptable in this scenario.

Although any public chain supporting smart contracts can implement the Zone addressing logic of CYFS in a simple and straightforward way through smart contracts, we use a custom public chain: MetaChain to implement the CYFS Zone addressing logic natively, considering the scale cost of CYFS for all Internet users (1 billion level) in the future. Today CYFS is in Beta (test network) online, which means the data in the network is real, the assets are fake, and our MetaChain is still a "toy implementation", using minimal R&D resources to support the whole system to run through first. We are actively and openly promoting the development of a formal MetaChain (or a cooperative public chain), and will release CYFS Beta II when we believe that the MetaChain implementation has reached industrial strength.

MetaChain is designed to be a multi-currency blockchain with a specific purpose, and it is beyond the boundaries of this paper to expand on the consensus economy thinking here. From the user's point of view, we want users to be able to use any already existing digital asset on MetaChain: they can use ETH to pay MetaChain's fees, and they can use BTC to pay MetaChain's fees. However, considering the current situation of MetaChain, in order to protect the safety of users' digital assets, we only open the ecological Coin: DMC (Data Mall Coin, https://www.dmctech.io/), which is also in the test network stage, on MetaChain at present. How to obtain DMC and exchange it to MetaChain can be followed by the relevant announcement of DMC Foundation.

Therefore, the generated PeopleObject and OOD DeviceObject will be chained, either directly or by generating the identity for subsequent manual binding. At present, MetaChain will give coins by DMC ecological airdrop for this operation according to the DMC Foundation's agreement. These airdrops are more than enough to cover MetaChain's fees. It will allow our tutorials to go on smoothly. It also allows CYFS early adopters to complete the creation of new users (DID creation) smoothly

Tips

We call MetaChain directly from CYFS TOOL command line, which is an important tool in the SDK, and provides other features that are useful for use and Dec App development. For details, see CYFS TOOL command description

Bind identity using CyberChat

We have made the principles clear in the previous sections. From the end user's point of view, this is what we recommend, the most secure method, where the key PeopleObject secret key is stored on the phone. This method works for all kinds of OODs and is easy to use

  1. install CyberChat (download page), the Chinese name of CyberChat is 超送. Follow the prompts to create an identity
  2. Bind OOD: Install OOD first, from the official website binary, or your own compiled OOD are available. After installation.
    • If OOD and CyberChat are on the same LAN, you can bind directly with the scan bind function of CyberChat.
    • If the OOD and the CyberChat are not on the same LAN, first make sure your firewall rules allow port 1325 to be accessed, and execute ./ood-installer --bind on OOD, and then use the QR code displayed on the scanning terminal to bind.
  3. bind runtime: install the CYFS browser and initially use the prompt to scan the QR code in the web page for binding

Create an identity using the CYFS browser

In order to further facilitate the use of common users, we plan to support the construction of PeopleObject and the binding of VirtualOOD through the CYFS Browser. We will add the relevant features here when they finish development.

Description of the cryptographic identity network composed of the above files

  1. first we get the People secret key pair (using RSA 1024 algorithm by default) based on the helper, and construct the PeopleObject containing the People PublickKey.
  2. Then we use the People private key to generate the OOD secret key pair and construct the DeviceObject containing the OOD PublicKey, and set the Owner to the PeopleObject constructed in the first step. Then we use the People private key to sign the Desc and Body parts of the OOD DeviceObject.
  3. Finally, we generate the Runtime secret key pair and construct the Runtime DeviceObject by a similar process.
  4. We copy the above Object and private key to the specified directory of the corresponding device respectively. As shown in the figure below, the private-keys

Summary

In this chapter, we learned about the construction of CYFS cryptographic identities (DIDs) and understood their fundamentals. We also bound the key OODs for these identities, all the Devices owned by the same People that make up the Zone in the CYFS network, the central node within the Zone is the OOD, and learned how this information is stored through MetaChain. By this point we have completed our preparatory work, and in the next chapter we will finish publishing the file.