Clients MUST use Ed25519 as the Digital Signature Algorithm for Bamboo.
- A key pair is used to sign Bamboo entries and their payloads.
- The public key of a key pair is embedded in Bamboo entries and therefore always available when verifying an entry and its payload.
- p2panda clients create key pairs for their users.
- Data recipients can identify the author of data from the public key and the signature on a Bamboo entry
- The public key and signature are distributed alongside the data.
- Data recipients can verify the integrity of data using the signature on Bamboo entries.
p2panda clients SHOULD generate a new key pair for every new usage context. The boundaries of a usage context are defined by 1) device storage, 2) software distribution and 3) trust.
- This lowers the chance of producing a fork in a Bamboo log.
- A Bamboo log has a fork when two entries with the same sequence number exist in it.
p2panda clients SHOULD ensure that private keys cannot be read by adversaries.
p2panda clients SHOULD NOT require the transmission of a private key outside a usage context.
- To migrate data clients should rather make use of p2panda Key Groups, by transferring the permissions to a new key pair instead of migrating the old key pair itself