A bird's-eye view of how the PKI works, for the curious-minded 🙂

The Nodle chain embeds some additional modules used to create a decentralized Public Key Infrastructure (PKI). This PKI was custom-built to best fit Internet of Things use cases:

  1. The management of Root Certificates happens on-chain.
  2. To preserve the privacy of the user's KPIs, the management of non-Root Certificates (Child Certificates) happens off-chain. This prevents anyone from learning how many Child Certificates were issued, and thus how many devices have shipped or are being shipped.
  3. Easy revocation of both Child and Root Certificates whenever it is needed.
  4. Key and signature agnosticism: although we use ed25519 in our examples, the PKI modules act as a global source of truth and registry, and signatures are verified off-chain.
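
The properties listed above, as an added example that is not Nodle's code: a verifier looks up the Root Certificate key in the registry, checks root and child revocation, then verifies the Child Certificate signature off-chain. `RootEntry`, `ChildCert`, `check_child` and the in-memory registry dictionary are hypothetical, and a Lamport one-time signature stands in for ed25519 so the block runs on the Python standard library alone.

```python
import hashlib, os
from collections import namedtuple
from dataclasses import dataclass, field

# Stand-in scheme (stdlib only): Lamport one-time signatures, one signature per key.
def H(b): return hashlib.sha256(b).digest()

def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, b"".join(H(a) + H(b) for a, b in sk)

def _bits(msg):
    return [int(c) for c in format(int.from_bytes(H(msg), "big"), "0256b")]

def sign(sk, msg):
    return b"".join(sk[i][b] for i, b in enumerate(_bits(msg)))

def verify(pk, msg, sig):
    return len(sig) == 256 * 32 and all(
        H(sig[32 * i:32 * i + 32]) == pk[64 * i + 32 * b:64 * i + 32 * b + 32]
        for i, b in enumerate(_bits(msg)))

@dataclass
class RootEntry:  # hypothetical shape of the on-chain record for one root key
    revoked: bool = False
    revoked_children: set = field(default_factory=set)

# Hypothetical off-chain certificate: the root's signature over the child key.
ChildCert = namedtuple("ChildCert", "root_key child_key signature")

def check_child(registry, cert, verify_sig):
    entry = registry.get(cert.root_key)  # on-chain lookup
    if entry is None:
        return "unknown root"
    if entry.revoked:
        return "root revoked"
    if cert.child_key in entry.revoked_children:
        return "child revoked"
    ok = verify_sig(cert.root_key, cert.child_key, cert.signature)  # off-chain
    return "ok" if ok else "bad signature"

def demo():  # constructed keys and registry state
    sk, root = keygen()
    child = os.urandom(32)
    cert, reg = ChildCert(root, child, sign(sk, child)), {root: RootEntry()}
    out = [check_child(reg, cert, verify)]
    reg[root].revoked_children.add(child)
    out.append(check_child(reg, cert, verify))
    reg[root].revoked = True
    return out + [check_child(reg, cert, verify)]
```

The registry in this sketch holds only root keys and revocation entries, so the number of Child Certificates issued never appears in it.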

What this is not:

  1. A new certification scheme. The PKI stack focuses on the management of Root Certification Keys and the revocation of Root or Child keys, and nothing else.
  2. A replacement for X509 or any other certificate format.

Some links:

  1. The PKI modules are implemented as part of the Nodle Chain.
  2. We developed a POC client and helper to interact with the pallets.
  3. Please read the testing instructions we previously wrote for the Web 3 Foundation: milestone 1, milestone 2.
