blockchain-profile
Follow these steps to generate a profile for a Blockchain ID:
But first, import the required modules:
    var BlockchainProfile = require('blockchain-profile').BlockchainProfile,
        PrivateKeychain = require('keychain-manager').PrivateKeychain
The format for profile objects is based on the formatting found at schema.org.
    // Build the profile object
    var profile = {
      "@type": "Person",
      "givenName": "Satoshi",
      "familyName": "Nakamoto",
      "knows": [
        {
          "@type": "Person",
          "id": "gavinandresen.id"
        }
      ]
    }

    // Sign the profile into a token file with a new private keychain
    var privateKeychain = new PrivateKeychain()
    var tokenFile = BlockchainProfile.profileToTokens(profile, privateKeychain)

    // Build the zone file that points to the hosted token file
    var publicKeychain = privateKeychain.publicKeychain()
    var hostUrls = ['https://s3.amazonaws.com/mq9/users/satoshi-nakamoto.json']
    var checksums = [{ field: 'pgp[0].publicKey', hash: 'e508f0c2c455ab79a4fabc4b51aa537e123c08abee40a87c47e6705a2bbae4ae', algorithm: 'SHA256' }]
    var zoneFile = BlockchainProfile.zoneFile('satoshi.id', publicKeychain, hostUrls, checksums)

    // Reconstruct the profile from the token file and the public keychain
    var profile = BlockchainProfile.tokensToProfile(tokenFile, publicKeychain)
    console.log(profile)
    {
      "@type": "Person",
      "givenName": "Satoshi",
      "familyName": "Nakamoto",
      "knows": [
        {
          "@type": "Person",
          "id": "gavinandresen.id"
        }
      ]
    }
A blockchain ID = a name + a blockchain ID
Let's say you register the username 'alice' within the 'id' namespace, the default namespace for usernames. Then your username would be expressed as alice.id.
Profile schema is taken from schema.org. The schema for a person record can be found at http://schema.org/Person. There are some fields that have yet to be included, like the "account", "key", "policy", "id", and "publicKey" fields. An updated schema definition will be published to a different location that superclasses the schema.org Person definition and adds these fields.
    {
      "name": "Naval Ravikant",
      "accounts": []
    }
Blockchain ID profiles are stored in two files: a token file and a zone file:
An identity lookup is performed as follows:
A zone file contains an origin (the name registered), a TTL (not yet supported), and a list of records.
Each record has a name, class, type, data, and checksums.
If the value of the "name" field is "@", that means the record corresponds to the "zone origin" of the name.
The "class" field corresponds to the namespace of the record's information. In ICANN DNS, this is traditionally "IN" for Internet, but this field could be changed to something else to indicate that the names are registered in a parallel DNS universe.
The "type" field indicates how the record should be resolved. Only "CNAME" is currently supported. This means that the name record should be interpreted as an alias of the URL that is provided in the "data" field.
The "data" field is interpreted in different ways, depending on the value in the "type" field. As mentioned previously, though, the only supported type at the moment is "CNAME", so the "data" field will contain a URL until that changes.
The "checksums" field lists values in the parsed profile that should be considered "immutable" fields. A consumer can be certain that these values have not changed because the hash of each value must match the hash in the corresponding checksum record.
The "publicKeychain" field indicates the keychain that was used to sign the tokens found in the token file.
    {
      "origin": "alice.id",
      "ttl": "1h",
      "records": [
      ]
    }
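The check that the "checksums" field enables, as an added example that is not code from blockchain-profile: it resolves each checksum record's field path in a fetched profile and compares hashes. The record shape (`field`, `hash`, `algorithm`) follows the usage shown earlier; hashing the field's UTF-8 string value is an assumption, and the helper names and sample values are constructed.

```javascript
const crypto = require('crypto');

// Resolve a path such as "pgp[0].publicKey"; returns undefined if a step is missing.
function getField(obj, path) {
  const steps = path.match(/[^.[\]]+/g) || [];
  return steps.reduce((cur, key) =>
    cur !== null && typeof cur === 'object' &&
    Object.prototype.hasOwnProperty.call(cur, key) ? cur[key] : undefined, obj);
}

// Assumption: the checksum is SHA-256 over the UTF-8 bytes of the field value.
const sha256Hex = (s) => crypto.createHash('sha256').update(s, 'utf8').digest('hex');

// Returns a list of failures; an empty list means every immutable field matched.
function checkImmutableFields(profile, checksums) {
  const failures = [];
  for (const { field, hash, algorithm } of checksums) {
    const value = getField(profile, field);
    if (algorithm !== 'SHA256') {
      failures.push({ field, reason: 'unsupported algorithm' });
    } else if (typeof value !== 'string') {
      failures.push({ field, reason: 'missing field' });
    } else {
      const actual = Buffer.from(sha256Hex(value), 'hex');
      const expected = Buffer.from(String(hash), 'hex');
      if (expected.length !== actual.length || !crypto.timingSafeEqual(actual, expected)) {
        failures.push({ field, reason: 'hash mismatch' });
      }
    }
  }
  return failures;
}

// Constructed sample data: a profile as fetched from the host URL, the checksum
// record that would sit in the zone file, and a profile whose key was replaced.
const fetched = { '@type': 'Person', pgp: [{ publicKey: 'constructed-pgp-key-A' }] };
const checksums = [{ field: 'pgp[0].publicKey', hash: sha256Hex('constructed-pgp-key-A'), algorithm: 'SHA256' }];
const swapped = { '@type': 'Person', pgp: [{ publicKey: 'constructed-pgp-key-B' }] };

console.log(checkImmutableFields(fetched, checksums));
console.log(checkImmutableFields(swapped, checksums));
```

A missing field is reported as a failure rather than skipped, so a host cannot bypass the check by dropping the field from the file it serves.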
The token file contains a list of token records.
Each record contains the encoded token, a "data" field with the decoded token, a "chainPath" that indicates how to get from the master public keychain to the signing public key, and an "encrypted" field that indicates whether or not the token is encrypted.
To validate each identity token, first decode the token and grab the public key of the issuer. Then, verify the token's signature with the public key. Then check to make sure you can derive the public key from the master public keychain using the chain path. If these checks pass, the token is valid.
Each token in the token file has a header, a payload, and a signature. The payload is the important part. Each payload contains a "claim", a "subject", and an "issuer". The claim is the signed bit of information that goes into the construction of the profile. The subject references the identity that the claim is about. The issuer is the identity that is signing the token (and thus making a claim about the subject).
In the case of self-attested profile information, the subject and the issuer are the same person (one is making a statement about one's self).
However, this can be extended to any statement made by any issuer about any other subject. For example, you can sign a statement attesting to your own birth date, and then your state DMV or bank can sign a statement making the same attestation about your birth date. Then, you can present those two signed statements to any other party and present proof of your birth date.
The cool part is that the identities referenced are public keys, not usernames. That means that you can present signed tokens to a party that show proof of your birth date, all without revealing your username and thus your identity. This process is known as selective disclosure of identity information.
    [
      {
        "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJjbGFpbSI6eyJuYW1lIjoiUnlhbiBTaGVhIiwiZ2l2ZW5OYW1lIjoiUnlhbiIsImZhbWlseU5hbWUiOiJTaGVhIn0sInN1YmplY3QiOnsiQHR5cGUiOiJQZXJzb24iLCJwdWJsaWNLZXkiOiIwM2QzOWI2YzM5NzEwOWFmYTNhZTE4NDRiMjEzMjE1NmE0YmYyMzYxN2ZlOTEzMmYwZmFjYzM4Y2NmOTQ1MmVhODYifSwiaXNzdWVyIjp7IkB0eXBlIjoiUGVyc29uIiwicHVibGljS2V5IjoiMDNkMzliNmMzOTcxMDlhZmEzYWUxODQ0YjIxMzIxNTZhNGJmMjM2MTdmZTkxMzJmMGZhY2MzOGNjZjk0NTJlYTg2In19.Wqo7GlyisTMRm7xQz98XBp4y_QDTTEQwhtnnoBxsXODupYJlj758rMQEFom2mU5p-WzJwWY8leHgWhoyKa4mXA",
        "data": {
        },
        "chainPath": "9eace0988a7583d45c99ea0058b2687282ebbe4a2862c86aa0e2ed576cd1b49f",
        "encrypted": false
      },
    ]
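The first two validation steps described above (decode the token, take the issuer's public key, verify the signature), as an added example using Node's built-in `crypto` rather than blockchain-profile's own code. It assumes secp256k1 keys, SHA-256 ECDSA with raw r||s signatures, and the "ES256" header label seen in the sample token; the chain path derivation check depends on keychain-manager and is not shown, and the helper names are hypothetical.

```javascript
const crypto = require('crypto');

const CURVE = 'secp256k1'; // assumption: Bitcoin-style keys
// DER prefix of a SubjectPublicKeyInfo wrapping an uncompressed secp256k1 point.
const SPKI_PREFIX = Buffer.from('3056301006072a8648ce3d020106052b8104000a034200', 'hex');
const b64u = (s) => Buffer.from(s).toString('base64url');
const fromB64u = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Turn the hex "publicKey" carried in a token into a KeyObject.
// convertKey throws if the bytes are not a valid point on the curve.
function keyFromHex(hex) {
  const point = crypto.ECDH.convertKey(hex, CURVE, 'hex', 'hex', 'uncompressed');
  const der = Buffer.concat([SPKI_PREFIX, Buffer.from(point, 'hex')]);
  return crypto.createPublicKey({ key: der, format: 'der', type: 'spki' });
}

// Constructed helper: issue a self-attested token (subject and issuer are the same key).
function issueSelfAttested(claim) {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: CURVE });
  const raw = publicKey.export({ type: 'spki', format: 'der' }).subarray(-65);
  const hex = crypto.ECDH.convertKey(raw.toString('hex'), CURVE, 'hex', 'hex', 'compressed');
  const id = { '@type': 'Person', publicKey: hex };
  const input = b64u(JSON.stringify({ typ: 'JWT', alg: 'ES256' })) + '.' +
    b64u(JSON.stringify({ claim, subject: id, issuer: id }));
  const sig = crypto.sign('sha256', Buffer.from(input),
    { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return input + '.' + sig.toString('base64url');
}

// Decode the token, pin the expected algorithm, then verify with the issuer's key.
function verifyToken(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { valid: false, reason: 'malformed' };
  try {
    const header = fromB64u(parts[0]);
    if (header.alg !== 'ES256') return { valid: false, reason: 'unexpected alg' };
    const payload = fromB64u(parts[1]);
    const ok = crypto.verify('sha256', Buffer.from(parts[0] + '.' + parts[1]),
      { key: keyFromHex(payload.issuer.publicKey), dsaEncoding: 'ieee-p1363' },
      Buffer.from(parts[2], 'base64url'));
    return ok ? { valid: true, payload } : { valid: false, reason: 'bad signature' };
  } catch (e) {
    return { valid: false, reason: 'undecodable' };
  }
}

console.log(verifyToken(issueSelfAttested({ givenName: 'Satoshi' })).valid);
```

Because the issuer key is read from the token itself, a passing signature only shows that the holder of that key signed the claim. The binding to a registered name comes from the remaining step, deriving that key from the zone file's master public keychain via the chain path.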
FAQs
Blockchain ID Profile Generator
The npm package blockchain-profile receives a total of 5 weekly downloads. As such, blockchain-profile popularity was classified as not popular.
We found that blockchain-profile demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.