Private Key Storage in Canton

I understand that Canton uses private keys for its identity management service.

From the documentation on the implementation of the Identity Management Service, it appears there are a number of Identity Stores - but these are identity-related and timestamped transactional stores.
But it’s unclear to me where and who stores a party’s private key.

Is a party’s key storage and management a component of a participant node? Is it external?

Separately, does Canton’s identity management service interact with Daml’s Ledger API auth functionality? If so, how?

1 Like

Hi @corey.todaro ,

Within Canton it's the participant that will have a private key, not the party. This key will be used for all parties the participant hosts. In our default setup these keys will just be stored in the database. We will potentially support storing keys elsewhere in the future (likely HSMs).

These keys are not used within the ledger-api authentication. You can find some details on how that is configured within Canton for participants and certificate usage here: Static Conf - JWT Authorization.

David.

1 Like
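The answer above draws a line between the participant's own signing keys (held by the participant node, by default in its database) and Ledger API authorization, which is done with JWTs that the participant verifies rather than signs with those keys. The following is an added example, not code from this thread or from Canton, showing what that separation looks like in practice: a token is minted and verified with a shared HS256 secret and carries Daml's custom-claims payload under the `https://daml.com/ledger-api` namespace, and the `actAs` / `readAs` lists decide what a caller may do for a party. The secret, participant ID, party names and application ID are constructed for the example; real deployments would use the key material configured on the participant's auth service.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import List, Optional

# Namespace of the custom claims used by Daml's Ledger API JWT format.
DAML_CLAIM_NS = "https://daml.com/ledger-api"


def _b64url(data: bytes) -> str:
    """Unpadded base64url encoding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    """Decode unpadded base64url by restoring the padding first."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(secret: bytes, participant_id: str, act_as: List[str],
               read_as: List[str], application_id: str,
               ttl_seconds: int = 300, now: Optional[int] = None) -> str:
    """Create an HS256 JWT carrying Daml custom claims for the given parties.

    This is what a token issuer does; the participant node only verifies.
    """
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {
        DAML_CLAIM_NS: {
            "participantId": participant_id,
            "applicationId": application_id,
            "actAs": act_as,
            "readAs": read_as,
        },
        "exp": now + ttl_seconds,
    }
    compact = lambda obj: json.dumps(obj, separators=(",", ":")).encode()
    signing_input = _b64url(compact(header)) + "." + _b64url(compact(payload))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(secret: bytes, token: str, now: Optional[int] = None) -> dict:
    """Check signature, algorithm and expiry; return the Daml claims block.

    Raises ValueError on any failure so callers cannot fall through to
    an unauthenticated path by accident.
    """
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(parts[0]))
    # Pin the algorithm: never trust "alg" from the token to pick the check.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(parts[2])):
        raise ValueError("bad signature")
    payload = json.loads(_b64url_decode(parts[1]))
    if int(payload.get("exp", 0)) <= now:
        raise ValueError("token expired")
    claims = payload.get(DAML_CLAIM_NS)
    if not isinstance(claims, dict):
        raise ValueError("missing Daml claims")
    return claims


def may_submit_as(claims: dict, party: str) -> bool:
    """Submitting commands for a party requires it in actAs."""
    return party in claims.get("actAs", [])


def may_read_as(claims: dict, party: str) -> bool:
    """Reading a party's ledger view requires actAs or readAs."""
    return party in claims.get("actAs", []) or party in claims.get("readAs", [])


if __name__ == "__main__":
    # Constructed values for a stand-alone run.
    secret = b"constructed-shared-secret"
    tok = mint_token(secret, "participant1", ["Alice"], ["Bob"], "my-app", now=1_700_000_000)
    claims = verify_token(secret, tok, now=1_700_000_100)
    print("Alice may submit:", may_submit_as(claims, "Alice"))
    print("Bob may submit:", may_submit_as(claims, "Bob"))
    print("Bob may read:", may_read_as(claims, "Bob"))
```

The point to take from the example is that nothing here touches the participant's signing key: the participant checks the token against the auth-service key material it was configured with and then enforces `actAs` / `readAs` on each request, while the transaction-signing key is used afterwards, for every hosted party, regardless of which token submitted the command.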

To update, Canton now supports use of HSM, see Security — Daml SDK 2.6.0 documentation.