Convenient substrate identity solution

dvc94ch profile image David Craven ・3 min read

For our sunshine-dao we wanted a convenient easy and secure identity solution, that doesn't require centralized key management.

The requirements were that we wanted the users to have per device keys they didn't have to copy around and that they should be able to associate their github account, so that users can bring their reputation to our bounty management platform.

I already heard about keybase and had briefly used it. When I set out to build substrate-identity I played around with it and read their technical documentation. A really interesting one for me was local-key-security. I had written a quick and dirty keystore before for the sunshine-flutter, but that had a lot of interesting things in it. I decided to reimplement our keystore based on the keybase keystore. A particularly interesting feature is that it will allow password changes on one device to reencrypt the keys using the public xor of the old password with the new one.

Setup your account

Set your device key to //Alice:

cli-identity key set --suri //Alice
Please enter a new password (8+ characters):

Your device id is 5GrwvaEF5zXb26Fz9rcQpDWS57CtERHpNehXCPcNoHGKutQY
Your user id is 0

Add a paper backup for your account:

cli-identity device paperkey
Generating a new paper key.
Here is your secret paper key phrase:

mandate robust earth scan shrimp second pipe pitch eternal snap glare tooth
bean crucial river bar crash nice sorry laundry oppose filter aunt swear

Write it down and keep somewhere safe.

and list your device keys:

cli-identity device list

Prove your online identity

Add a new online identity:

cli-identity id prove dvc94ch@github
Claiming dvc94ch@github...
Please *publicly* post the following Gist, and name it 'substrate-identity-proof.md'.

### substrate identity proof

I hereby claim:

  * I am dvc94ch on github.
  * I am 0 on the substrate chain with genesis hash mzyTJZVm7IXDUBeZwyWk6rG1YGIt8BQnNzrshKJCalYI.
  * I have a public key 5GrwvaEF5zXb26Fz9rcQpDWS57CtERHpNehXCPcNoHGKutQY valid at block with hash mfBFseDYNX31Poqei8A/9teYmxJIj4PFROoKLKEPaStE.

To claim this, I am signing this object:


with the key 5GrwvaEF5zXb26Fz9rcQpDWS57CtERHpNehXCPcNoHGKutQY, yielding the signature:


And finally, I am proving ownership of the github account by posting this as a gist.

and list your identities:

cli-identity id list
Your user id is 0
dvc94ch@github https://gist.github.com/da8bbf9c69976a3d750e2c433126852b

Receive payments to your public identity

Transfer a balance from //Bob to dvc94ch@github:

cli-identity --path /tmp/bob key set --suri //Bob
Please enter a new password (8+ characters):

Your device id is 5FHneW46xGXgs5mUiveU4sbTyGBzmstUspZC92UhjJM694ty
Your user id is 1

make sure ipfs is running so that //Bob can fetch //Alice's identity:

cli-identity run

finally make the transfer:

cli-identity --path /tmp/bob wallet transfer dvc94ch@github 10000
transfered 10000 to 5Fe8Da8o2TQY6heaopRA9Zs2dpiJ2GFtvWThnd89uxYEXK1q

Posted on by:


markdown guide