Are SigningKeyPairs meant to be ephemeral inside of dryoc?
#67
I was wondering if intention for the Or is the SecretKey portion of the pair something that can/should be stored on the local filesystem, vault service, etc?
There are a few ways to use it, but generally speaking if you want to be able to authenticate messages over long periods of time (i.e., you want to be able to verify authenticity between two clients/actors over some extended period) then you'd need to store the secret key somewhere, such as in a database. The public keys need to be exchanged between parties to perform the authentication.

If you lose (or discard) the secret key, it just means that you won't be able to sign any new messages with that secret key, but you can still verify any messages that were previously signed with that key so long as you still have the public key.

Like you already mentioned, one way to use the signing keypair is to perform a handshake (when initiating a connection, or performing some sort of authentication/authorization process), exchange public keys, and then use that public key to verify all the messages going forward. Once the connection is closed or the session is terminated, the keys are forgotten and never reused. You would only do this if you want a little more control over the process, as opposed to, say, using the

Hope that helps!
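An added example, not dryoc's code and not from either participant, using Go's standard-library crypto/ed25519 (the same Ed25519 signature scheme that libsodium-style signing keypairs use) to walk through both patterns from the reply above: persisting only the seed of a long-lived signing key and reloading it later, verifying with nothing but the exchanged public key, and an ephemeral per-session keypair whose secret is wiped on close while signatures issued before the close still verify. The storedSecret record, the function names and the sample message are assumptions made for this example; a real deployment would keep the record in a database, vault or encrypted file rather than in memory.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// storedSecret is the record a long-lived signer persists (database row,
// vault entry, encrypted file). Only the 32-byte Ed25519 seed is kept; the
// private and public keys are re-derived from it on load. Hypothetical layout.
type storedSecret struct {
	SeedHex string
}

// newLongTermSigner generates a fresh keypair and returns the record to persist.
func newLongTermSigner() (storedSecret, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return storedSecret{}, err
	}
	return storedSecret{SeedHex: hex.EncodeToString(priv.Seed())}, nil
}

// loadSigner reconstructs the private key from a persisted record, rejecting
// malformed seeds instead of deriving a key from garbage.
func loadSigner(rec storedSecret) (ed25519.PrivateKey, error) {
	seed, err := hex.DecodeString(rec.SeedHex)
	if err != nil {
		return nil, err
	}
	if len(seed) != ed25519.SeedSize {
		return nil, fmt.Errorf("seed must be %d bytes, got %d", ed25519.SeedSize, len(seed))
	}
	return ed25519.NewKeyFromSeed(seed), nil
}

// signWithStored loads the persisted key, signs msg, and returns the signature
// together with the public key the peer needs to verify it.
func signWithStored(rec storedSecret, msg []byte) ([]byte, ed25519.PublicKey, error) {
	priv, err := loadSigner(rec)
	if err != nil {
		return nil, nil, err
	}
	return ed25519.Sign(priv, msg), priv.Public().(ed25519.PublicKey), nil
}

// verifyWithPublicOnly is the relying party's side: it holds only the public
// key exchanged earlier and never sees the secret key. The length checks keep
// truncated inputs from reaching Verify.
func verifyWithPublicOnly(pub ed25519.PublicKey, msg, sig []byte) bool {
	if len(pub) != ed25519.PublicKeySize || len(sig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(pub, msg, sig)
}

// session models the per-connection pattern: a keypair generated at handshake,
// public key sent to the peer, secret key wiped when the session ends.
type session struct {
	priv ed25519.PrivateKey
	pub  ed25519.PublicKey // what the peer receives during the handshake
}

func newSession() (*session, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &session{priv: priv, pub: append(ed25519.PublicKey(nil), pub...)}, nil
}

// sign refuses once the session is closed; there is no key left to sign with.
func (s *session) sign(msg []byte) ([]byte, error) {
	if s.priv == nil {
		return nil, errors.New("session closed: secret key discarded")
	}
	return ed25519.Sign(s.priv, msg), nil
}

// close zeroes and drops the secret key; signatures already issued stay
// verifiable with s.pub.
func (s *session) close() {
	for i := range s.priv {
		s.priv[i] = 0
	}
	s.priv = nil
}

func main() {
	msg := []byte("constructed sample message") // constructed input
	rec, err := newLongTermSigner()
	if err != nil {
		panic(err)
	}
	sig, pub, err := signWithStored(rec, msg) // e.g. after a restart, key reloaded from storage
	if err != nil {
		panic(err)
	}
	fmt.Println("long-term signature verifies:", verifyWithPublicOnly(pub, msg, sig))

	s, err := newSession()
	if err != nil {
		panic(err)
	}
	sessSig, _ := s.sign(msg)
	s.close()
	_, err = s.sign(msg)
	fmt.Println("signing after close fails:", err != nil)
	fmt.Println("old session signature still verifies:", verifyWithPublicOnly(s.pub, msg, sessSig))
}
```

The design point the reply makes shows up in the types: a verifier only ever needs `ed25519.PublicKey`, so the secret key's lifetime is a signer-side decision (persist the seed for long-lived identities, or wipe it with the session for handshake-scoped keys) and does not affect whether older signatures can still be checked.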