
A bird's-eye view of how the PKI works, for the curious minded 🙂
The Nodle chain embeds some additional modules used to create a decentralized Public Key Infrastructure (PKI). This PKI was custom built to best fit Internet of Things use cases:
- The management of Root Certificates happens on-chain.
- To preserve the privacy of the user's KPIs, the management of non-root certificates (Child Certificates) happens off-chain. This prevents anyone from learning how many Child Certificates were issued, and thus how many devices are shipped or being shipped.
- Easy revocation of either Child or Root Certificates whenever it is needed.
- Key and signature agnosticism: although we use `ed25519` in our examples, the PKI modules act as a global source of truth and registry, and signatures are verified off-chain.
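
The split described in the list above, as an added sketch (not code from the Nodle chain or its POC client): the registry is consulted only for root registration and revocation, while issuance and signature checks happen off-chain. `Registry`, `ChildCert`, `Issue`, `Verify` and `Demo` are hypothetical names, the registry is an in-memory stand-in for chain state, and the certificate layout is constructed for illustration.

```go
package main
import (
	"crypto/ed25519"
	"fmt"
)

// Registry stands in for on-chain state (assumption): root keys and revoked keys, hex-keyed.
type Registry struct{ Roots, Revoked map[string]bool }

// ChildCert is a constructed, minimal certificate: a root's signature over a child key.
type ChildCert struct {
	Child, Root ed25519.PublicKey
	Sig         []byte
}

func key(k ed25519.PublicKey) string { return fmt.Sprintf("%x", k) }

// Issue signs a child key off-chain; nothing is written to the registry.
func Issue(rootPriv ed25519.PrivateKey, child ed25519.PublicKey) ChildCert {
	return ChildCert{child, rootPriv.Public().(ed25519.PublicKey), ed25519.Sign(rootPriv, child)}
}

// Verify runs off-chain; only the three registry lookups depend on chain state.
func Verify(r Registry, c ChildCert) error {
	switch {
	case !r.Roots[key(c.Root)]:
		return fmt.Errorf("root not registered")
	case r.Revoked[key(c.Root)]:
		return fmt.Errorf("root revoked")
	case r.Revoked[key(c.Child)]:
		return fmt.Errorf("child revoked")
	case len(c.Root) != ed25519.PublicKeySize || !ed25519.Verify(c.Root, c.Child, c.Sig):
		return fmt.Errorf("bad signature")
	}
	return nil
}

// Demo builds a registry with one registered root and a child certificate issued by it.
func Demo() (Registry, ChildCert) {
	rootPub, rootPriv, _ := ed25519.GenerateKey(nil)
	childPub, _, _ := ed25519.GenerateKey(nil)
	return Registry{Roots: map[string]bool{key(rootPub): true}, Revoked: map[string]bool{}}, Issue(rootPriv, childPub)
}

func main() {
	reg, cert := Demo()
	fmt.Println("fresh:", Verify(reg, cert))
	reg.Revoked[key(cert.Root)] = true // revoking the root invalidates every child it signed
	fmt.Println("after root revocation:", Verify(reg, cert))
}
```
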
What this is not:
- A new certification scheme. The PKI stack focuses on the management of Root Certification Keys and the revocation of Root or Child keys, and nothing else.
- A replacement for X509 or any other certificate format.
Some links:
- The PKI modules are implemented as part of the Nodle Chain.
- We developed a POC client and helper to interact with the pallets.
- Please read the testing instructions we previously wrote for the Web3 Foundation: milestone 1, milestone 2.
