Cweb Identity is the basic entity in Cweb protocols, and is associated with a public key cryptography keypair. The private key is kept secret by the identity owner, while the public key is shared.
Cweb Id is a 32-byte one-way hash of the public key and is used in Cweb protocols to reference identities.
Cweb Identity Descriptor is a self-signed object that associates a Cweb Id with its public key and storage profile (see below). Fetching a peer’s identity descriptor is a prerequisite for communicating with it. Optionally, an identity descriptor can carry self-declared properties such as name and email, as well as properties cryptographically endorsed (signed) by others. Because they are part of the discovery mechanism, identity descriptors are shared publicly and unencrypted.
Storage Profile is the address of an identity’s online storage. There are two types of storage profiles:
- Public storage profile allows reading the identity descriptor and raw data files, but not necessarily decrypting them. Public profiles are published as part of identity descriptors.
- Private storage profile contains everything in the public storage profile plus credentials for writing and deleting files. A private profile grants an application permission to use the storage for running Cweb protocols. It is typically granted by the user at application initialization time. Private profiles are not shared with peers.
Currently Cweb implements an S3 client and thus supports all compatible storage such as AWS S3, Minio, Wasabi.
Public and private storage profiles are formatted as sequences of strings delimited by the exclamation mark character (`!`).
Public storage profile format:
Private storage profile format:
- `http://s3-<region>.amazonaws.com` for AWS, or IP/hostname for Minio or other S3-compatible storage.
- `BUCKET_NAME` should be self-explanatory (if not, see S3 Basics).
- Cweb protocols use `PATH_PREFIX` as the file name prefix for all long-lived files such as Identity descriptors, or shared files content.
- `READ_SECRET_ACCESS_KEY` are the read credentials. Optional, can be empty for publicly readable buckets.
- `WRITE_SECRET_ACCESS_KEY` are the write credentials.
```
# Private storage profile
s3!https://s3-us-east-1.amazonaws.com!us-east-1!cweb!prefix!AXKTI384GHTY5LE7OPRN!YR5CeTRjdnwPO6G7gO1eYBMT25CY5OSB5/2vG5e2!AXCEI327GHTY5DU7OIDF!CSlCeTRjdnwKL+52gO1eYBMT25CY5OQF/38BtJ+w

# Public storage profiles
s3!http://my-minio-host.com:9000!us-east-1!cweb-bucket!john-doe!DFURI934GHTKVB57OIDF!CSlCeTRjdnwKL+52gO1eYBMT25CY5OQ5UWBjwk5
```
See Storage Setup for instructions on creating and configuring S3 buckets.
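The split between the two profile types is a trust boundary: only the public form may leave the application. The following is an added example, not Cweb's own code, that parses a profile, derives the publishable public form by dropping the write credentials, and produces a redacted form for logs. The field order is inferred from the sample profiles above; the field names and sample values are constructed for this sketch.

```python
# Field order is inferred from the example profiles on this page; the field
# names are hypothetical labels for this sketch, not Cweb's own identifiers.
PUBLIC_FIELDS = ("scheme", "endpoint", "region", "bucket", "path_prefix",
                 "read_key_id", "read_secret")
PRIVATE_FIELDS = PUBLIC_FIELDS + ("write_key_id", "write_secret")
SECRET_FIELDS = ("read_secret", "write_secret")


def parse_profile(text):
    """Split a '!'-delimited storage profile into a dict of named fields."""
    parts = text.strip().split("!")
    if len(parts) == len(PUBLIC_FIELDS):
        names = PUBLIC_FIELDS
    elif len(parts) == len(PRIVATE_FIELDS):
        names = PRIVATE_FIELDS
    else:
        raise ValueError(f"expected 7 or 9 fields, got {len(parts)}")
    profile = dict(zip(names, parts))
    if profile["scheme"] != "s3":
        raise ValueError(f"unsupported storage scheme: {profile['scheme']!r}")
    # Read credentials may be empty (publicly readable bucket); the write
    # credentials of a private profile may not.
    if names is PRIVATE_FIELDS and not (profile["write_key_id"] and profile["write_secret"]):
        raise ValueError("private profile is missing write credentials")
    return profile


def is_private(profile):
    return "write_key_id" in profile


def to_public(profile):
    """Serialize only the fields a peer may see; write credentials are dropped."""
    return "!".join(profile[name] for name in PUBLIC_FIELDS)


def redact(profile):
    """Form suitable for logs: secret keys replaced, key ids kept for tracing."""
    return "!".join("***" if name in SECRET_FIELDS and value else value
                    for name, value in profile.items())


# Constructed sample values, not real credentials.
PRIVATE = "s3!https://s3.example.invalid!us-east-1!cweb!alice!RKEYID!rsecret!WKEYID!wsecret"

if __name__ == "__main__":
    p = parse_profile(PRIVATE)
    print(is_private(p), to_public(p), redact(p), sep="\n")
```

Calling `to_public` on whatever profile string is about to be placed in an identity descriptor guarantees that write credentials never reach the publicly shared object, even if a private profile was passed by mistake.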