Identity and Storage

Cweb Identity

Cweb Identity is the basic entity in Cweb protocols, and is associated with a public key cryptography keypair. The private key is kept secret by the identity owner, while the public key is shared.

Cweb Id is a 32-byte one-way hash of the public key and is used in Cweb protocols to reference identities.

Cweb Identity Descriptor is a self-signed object establishing association of a Cweb Id with its public key and storage profile (see below). Fetching peer’s identity descriptor is a prerequisite for communicating with it. Optionally, identity descriptor can carry self-declared properties such as name, email, and properties cryptographically endorsed (signed) by others. Being part of the discovery mechanism, identity descriptors are shared publicly unencrypted.

Storage Profiles

Storage Profile is the address of identity’s online storage. There are two types of storage profiles:

  • Public storage profile allows reading identity descriptor and raw data files, but not necessarily decrypt them. Public profiles published as part of identity descriptors.
  • Private storage profile in addition to everything in the public storage profile, contains credentials for writing and deleting files. Private profile grants an applications permissions for using the storage for running Cweb protocols. Typically granted by the user at application initialization time. Private profiles are not shared with peers.

Currently Cweb implements S3 client and thus supports all compatible storage like AWS S3, Minio, Wasabi. Public and private storage profiles are formatted as sequences of strings delimited by the exclamation mark character !.

Public storage profile format:


Private storage profile format:

  • HOST is http://s3-<region> for AWS, or IP/hostname for Minio or other S3-compatible storage.
  • REGION and BUCKET_NAME should be self-explanatory (if not, see S3 Basics).
  • Cweb protocols use PATH_PREFIX as the file name prefix for all long-lived files such as Identity descriptors, or shared files content.
  • READ_ACCESS_KEY_ID and READ_SECRET_ACCESS_KEY are the read credentials. Optional, can be empty for publicly readable buckets.
  • WRITE_ACCESS_KEY_ID and WRITE_SECRET_ACCESS_KEY are the write credentials.


# Private storage profile
# Public storage profiles

See Storage Setup for instructions on creating and configuring S3 buckets.