Authentication
Proof of Authority as an authentication hierarchy tree. Starting at the 'ROOT' genesis block.
To obtain write privileges to interact with the NxtFi blockchain, each user/entity must generate a key pair using the RSA-PSS specification.
After the key-pair generation process is successful, according to the Proof-of-Authority mechanism, every PubKey needs to be approved by a higher hierarchy authenticated key-pair before it can interact with NxtFi in any way.
Higher hierarchy key-pairs can only grant or revoke permissions, and are like parent elements. However, they will never be able to sign on behalf of other key-pairs.
Key-pair generation
The generation of a public-private key pair is done as follows in Javascript:
window.crypto.subtle.generateKey(
{
name: "RSA-PSS",
modulusLength: 2048, //can be 1024, 2048, or 4096
publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
hash: {name: "SHA-256"}, //can be "SHA-1", "SHA-256", "SHA-384", or "SHA-512"
},
false, //whether the key is extractable (i.e. can be used in exportKey)
["sign", "verify"] //can be any combination of "sign" and "verify"
)
.then(function(key){
//returns a keypair object
console.log(key);
console.log(key.publicKey);
console.log(key.privateKey);
})
.catch(function(err){
console.error(err);
});
Request permission for your key
Currently, authorization for new keys is done manually. Please contact the NxtFi administrator to request the necessary permissions to write new blocks.
Last updated