Admin
Authentication middleware
The Admin acts as the authentication module. Once the user authenticates with the Admin, the latter authorises the user to perform key generation and sign operations with the server Node.
This authorisation is done by issuing a userToken to the user. The userToken is a JSON Web Token (JWT) generated using ADMIN_KEY as the key. The ADMIN_KEY is a shared secret between the Sigpair Admin and the Sigpair Node. The ADMIN_KEY for the node is configured when the node is deployed.
The ADMIN_KEY must be randomly generated and must be exactly 32 bytes in length. Generate it with a cryptographically secure random number generator (for example, the operating system's CSPRNG), never from a password, a timestamp or a general-purpose PRNG. Secure management of the ADMIN_KEY is the responsibility of the company.
Security of the ADMIN_KEY
The ADMIN_KEY must be stored securely. Anyone who holds it can mint valid user tokens and is therefore authorised to the Node as any user, so compromise of the ADMIN_KEY can lead to loss of the server share. Compromise of the ADMIN_KEY does not compromise the user's secret shard of the wallet.
Admin SDK
We provide SDKs to perform admin actions.
Initialise Admin class
After authentication is complete, the Admin can use the SDK to create a new user.
Issue user token
User Token
This is the token issued to a user, which they can use to authenticate themselves with the Server Node for MPC operations. Its claims are:
- user_id: User ID of the user. Generated when creating a user.
- iat: Issued-at timestamp as per the JWT standard. Unix timestamp.
- exp: Expiry timestamp as per the JWT standard. Unix timestamp.
- public_key: Signing public key of the user (ED25519 public key). This key is not an MPC key; it is a normal ED25519 signing public key. The Sigpair Node will only accept messages signed by this public key.
public_key is the signing public key of the client. The client holds a signing key-pair which it uses to sign every message it sends, and the Node verifies each signature to confirm the source of each message passed between the parties. That key-pair is different from the MPC wallet key/public key.
The signing key-pair is an ED25519 key-pair, so the public key is an ED25519 public key, 32 bytes in length (64 hex chars).
The Admin can issue a User Token that the client can use to authenticate with the server Node. This action requires no interaction with the server Node; it is just the generation of a JWT by the Admin using the ADMIN_KEY. Because the Node never sees the token being issued, the only things protecting the Node are the secrecy of the ADMIN_KEY and the exp claim, so keep token lifetimes short.
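The following is an added example, not code from the Sigpair SDKs, showing the whole flow described above in standard-library Python: generating a 32-byte ADMIN_KEY from the OS CSPRNG, minting a User Token with the user_id, iat, exp and public_key claims, and verifying it the way the Node must with the same shared secret. It assumes the JWT is signed with HS256 (HMAC-SHA256 keyed with ADMIN_KEY); the page only states that the JWT is generated using ADMIN_KEY as the key, so the algorithm, the field and function names and the sample values are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional

# Assumption: the token is an HS256 JWT keyed with ADMIN_KEY. The page does not
# name the algorithm; adjust if the real SDK uses a different one.
ALG = "HS256"


def generate_admin_key() -> bytes:
    """32 bytes from the OS CSPRNG, as the ADMIN_KEY requirements demand."""
    return secrets.token_bytes(32)


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_user_token(admin_key: bytes, user_id: str, public_key_hex: str,
                     ttl_seconds: int = 600, now: Optional[int] = None) -> str:
    """Admin side: mint a User Token. No contact with the Node is needed."""
    if len(admin_key) != 32:
        raise ValueError("ADMIN_KEY must be exactly 32 bytes")
    # public_key is the client's raw ED25519 signing key: 32 bytes = 64 hex chars.
    try:
        pk = bytes.fromhex(public_key_hex)
    except ValueError:
        raise ValueError("public_key must be hex-encoded")
    if len(pk) != 32:
        raise ValueError("public_key must be a 32-byte ED25519 public key")
    if now is None:
        import time
        now = int(time.time())
    header = {"alg": ALG, "typ": "JWT"}
    claims = {"user_id": user_id, "iat": now, "exp": now + ttl_seconds,
              "public_key": public_key_hex}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(admin_key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_user_token(admin_key: bytes, token: str, now: Optional[int] = None) -> dict:
    """Node side: check the MAC with the shared ADMIN_KEY, then the claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, c, s = parts
    header = json.loads(_b64url_decode(h))
    # Pin the algorithm: never let the token choose it (alg=none, key confusion).
    if header.get("alg") != ALG:
        raise ValueError("unexpected alg")
    expected = hmac.new(admin_key, (h + "." + c).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(c))
    for field in ("user_id", "iat", "exp", "public_key"):
        if field not in claims:
            raise ValueError(f"missing claim {field}")
    if now is None:
        import time
        now = int(time.time())
    if not isinstance(claims["exp"], int) or now >= claims["exp"]:
        raise ValueError("token expired")
    if len(bytes.fromhex(claims["public_key"])) != 32:
        raise ValueError("public_key claim is not a 32-byte ED25519 key")
    return claims


if __name__ == "__main__":
    # Constructed sample values; the public key is a placeholder, not a real key.
    key = generate_admin_key()
    sample_pk = "ab" * 32
    tok = issue_user_token(key, "user-123", sample_pk, ttl_seconds=60, now=1_700_000_000)
    print(verify_user_token(key, tok, now=1_700_000_030))
```

The verifier pins the algorithm from a constant rather than trusting the header, compares the MAC in constant time, and rejects any token whose claims were spliced from another token or whose exp has passed; those are the checks a Node-side validator needs regardless of which JWT library is used.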
Delete Key
Key deletion is a dangerous operation: once the server share is deleted it cannot be recovered, and a delete request authenticated only by a User Token is as trustworthy as that token. Some recommendations:
- The Admin must verify the delete request using 2FA or request re-authentication.
- The Admin must notify the user of this request before deleting.
- The Admin can optionally wait for a period before deleting the key, so that an unintended or malicious request can be cancelled.