Client Set-up

When a client instance is started for the very first time, a number of things have to be set up before an EDV can be created at a provider:

  1. A master key has to be set up. For human-facing clients, this key is derived from a master passphrase. This symmetric master key will be used to encrypt all data-at-rest of the client instance.

  2. A session is created. This session is initialized with a new Ed25519-based EdDSA public-private key pair for requests to services and EDVs, and for authorization with ZCaps.

  3. This key is used to create the session DID - also known as "controller DID".

  4. The controller DID is used to request a new EDV at a chosen provider. The request contains data about the client, most importantly the did:key.

  5. The key receives the initial capability delegation from the root of trust. Several attributes are generated for the EDV (e.g. IDs, and a did:key is set up for the EDV).
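
Steps 1 to 3 as an added Node.js example, not code from the project described here: it derives the master key, creates the Ed25519 session key pair, builds the controller did:key, and keeps the private key only in encrypted form. The page names no KDF or cipher, so scrypt with these parameters, AES-256-GCM and all function names are assumptions.

```javascript
// Added example: scrypt, AES-256-GCM and all function names are assumptions.
const crypto = require('node:crypto');

const ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';

// base58btc (multibase prefix 'z'), needed for the did:key identifier.
function base58btc(bytes) {
  let n = BigInt('0x' + (Buffer.from(bytes).toString('hex') || '0'));
  let out = '';
  while (n > 0n) { out = ALPHABET[Number(n % 58n)] + out; n /= 58n; }
  for (const b of bytes) { if (b !== 0) break; out = '1' + out; }
  return out;
}

// Step 1: symmetric master key from the master passphrase and a per-client random salt.
function deriveMasterKey(passphrase, salt) {
  const opts = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
  return crypto.scryptSync(passphrase.normalize('NFKC'), salt, 32, opts);
}

// Step 3: did:key = "z" + base58btc(multicodec 0xed 0x01 || raw Ed25519 public key).
function didKeyFromEd25519(rawPublicKey) {
  if (rawPublicKey.length !== 32) throw new Error('expected a 32-byte Ed25519 public key');
  return 'did:key:z' + base58btc(Buffer.concat([Buffer.from([0xed, 0x01]), rawPublicKey]));
}

// Data-at-rest encryption under the master key; output is iv || tag || ciphertext.
function seal(masterKey, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', masterKey, iv);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]);
}

// Reverses seal(); throws if the key is wrong or the blob was modified.
function unseal(masterKey, sealed) {
  const d = crypto.createDecipheriv('aes-256-gcm', masterKey, sealed.subarray(0, 12));
  d.setAuthTag(sealed.subarray(12, 28));
  return Buffer.concat([d.update(sealed.subarray(28)), d.final()]);
}

// Step 2: new Ed25519 session key pair; the private key is returned only sealed.
function createSession(masterKey) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  // The last 32 bytes of the 44-byte SPKI DER encoding are the raw public key.
  const raw = publicKey.export({ type: 'spki', format: 'der' }).subarray(-32);
  const sealedPrivateKey = seal(masterKey, privateKey.export({ type: 'pkcs8', format: 'der' }));
  return { controllerDid: didKeyFromEd25519(raw), sealedPrivateKey };
}
```

The salt must be stored alongside the sealed data so the same master key can be re-derived on the next start; an Ed25519 did:key always begins with `z6Mk`.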
