Concepts Specifications API Downloads
SpecificationsKey pair

Key pair

Condensation uses RSA 2048 key pairs to asymmetrically encrypt and sign data. A key pair consists of a private key, and a corresponding public key:

Private key Public key e p q e n

Key pairs are generated by the application taking part in the Condensation protocol on the device on which that application is running. By generating a key pair, the application implicitly creates an actor.

Private key

The private key consists of three integers:

The private key should be stored in a safe place on the device on which it was generated, and may be protected with a pin code, a fingerprint, or any other appropriate mechanism.

The primes p and q must be kept secret, and should never leave the device. They should not be backed up. Condensation can deal with lost keys.

Public key

The public key is serialized as an object carrying a record with the following structure:

  public exponent

Both numbers are encoded as unsigned big-endian integers. The public exponent is usually 65537, which can be encoded with 3 bytes (01 00 01). The modulus is 256 bytes (2048 bits) long.

The order of the two nodes does not matter, but it is recommended to use the above order. Any additional information about the actor should be stored on its public card, and not be added to the public key.

The hash of the public key object is used to identify an actor. Hence, the public key object cannot be modified throughout the lifetime of an actor.

The public key object must be uploaded onto all stores used by the actor.