Cryptography and the Nexis Native Chain Network
Understand asymmetric cryptography and how Nexis Native Chain uses it.
Summary
- A keypair is a matching pair of public key and secret key.
- The public key is used as an “address” that points to an account on the Nexis Native Chain network. A public key can be shared with anyone.
- The secret key is used to verify authority over the account. As the name suggests, you should always keep secret keys secret.
- @nexis-network/web3.js provides helper functions for creating a brand new keypair, or for constructing a keypair using an existing secret key.
Lesson
Symmetric and Asymmetric Cryptography
‘Cryptography’ is the study of hiding information. There are two main types of cryptography you’ll encounter day to day:
Symmetric Cryptography is where the same key is used to encrypt and decrypt. It’s hundreds of years old and has been used by everyone from the ancient Egyptians to Queen Elizabeth I.
There’s a variety of symmetric cryptography algorithms, but the most common you’ll see today are AES and ChaCha20.
Asymmetric Cryptography
Asymmetric cryptography - also called ‘public key cryptography’ - was developed in the 1970s. In asymmetric cryptography, participants have pairs of keys (or keypairs). Each keypair consists of a secret key and a public key. Asymmetric encryption works differently from symmetric encryption, and can do different things:
- Encryption: if it’s encrypted with a public key, only the secret key from the same keypair can be used to read it.
- Signatures: if it’s signed with a secret key, the public key from the same keypair can be used to prove the secret key holder signed it.
- You can even use asymmetric cryptography to work out a good key for symmetric cryptography! This is called key exchange, where you use your public keys and the recipient’s public key to come up with a ‘session’ key.
- There’s a variety of asymmetric cryptography algorithms, but the most common you’ll see today are variants of ECC or RSA.
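The signing and verification behaviour described above, as an added example that is not from the original lesson or the Nexis packages. It uses Node's built-in crypto module with Ed25519, an ECC signature scheme chosen here as an assumption (the lesson does not name the algorithm); the participant names and the message are constructed.

```javascript
// Added example. Ed25519 is an assumption: a widely used ECC signature scheme.
const crypto = require("node:crypto");

// Create a keypair: the public half can be shared, the secret half cannot.
function makeKeypair() {
  return crypto.generateKeyPairSync("ed25519");
}

// Sign a message with the secret (private) key.
// Ed25519 hashes internally, so the digest argument is null.
function signMessage(secretKey, message) {
  return crypto.sign(null, Buffer.from(message, "utf8"), secretKey);
}

// Anyone holding the public key can check the signature.
function verifyMessage(publicKey, message, signature) {
  return crypto.verify(null, Buffer.from(message, "utf8"), publicKey, signature);
}

// Constructed scenario: one signer, one unrelated keypair, one altered message.
function demo() {
  const signer = makeKeypair();
  const unrelated = makeKeypair();
  const message = "send 5 tokens to Bob";
  const signature = signMessage(signer.privateKey, message);
  return {
    signatureBytes: signature.length,
    // The matching public key accepts the original message.
    genuine: verifyMessage(signer.publicKey, message, signature),
    // Any change to the signed message invalidates the signature.
    tampered: verifyMessage(signer.publicKey, "send 500 tokens to Bob", signature),
    // A different keypair's public key does not accept it either.
    wrongKey: verifyMessage(unrelated.publicKey, message, signature),
  };
}

console.log(demo());
```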
Asymmetric encryption is very popular:
- Your bank card has a secret key inside it that’s used to sign transactions. Your bank can confirm you made the transaction by checking them with the matching public key.
- Websites include a public key in their certificate. Your browser will use this public key to encrypt the data (like personal information, login details, and credit card numbers) it sends to the web page. The website has the matching private key so that the website can read the data.
- Your electronic passport was signed by the country that issued it to ensure the passport isn’t forged. The electronic passport gates can confirm this using the public key of your issuing country.
- The messaging apps on your phone use key exchange to make a session key.
In short, cryptography is all around us. Nexis Native Chain, like other blockchains, is but one use of cryptography.
Nexis Native Chain uses public keys as addresses
People participating in the Nexis Native Chain network have at least one keypair. In Nexis Native Chain:
- The public key is used as an “address” that points to an account on the Nexis Native Chain network. Even friendly names - like example.sol - point to addresses like dDCQNnDmNbFVi8cQhKAgXhyhXeJ625tvwsunRyRc7c8
- The secret key is used to verify authority over that keypair. If you have the secret key for an address, you control the tokens inside that address. For this reason, as the name suggests, you should always keep secret keys secret.
Using @nexis-network/web3.js to make a keypair
You can use the Nexis Native Chain blockchain from either the browser or node.js with the @nexis-network/web3.js npm module. Set up a project how you normally would, then use npm to install @nexis-network/web3.js
We’ll cover a lot of web3.js gradually throughout this course, but you can also check out the official web3.js documentation.
To send tokens, send NFTs, or read and write data on Nexis Native Chain, you’ll need your own keypair. To make a new keypair, use the Keypair.generate() function from @nexis-network/web3.js:
Loading an existing keypair
If you already have a keypair you’d like to use, you can load a Keypair from an existing secret key stored in the filesystem or an .env file. In node.js, the @nexis-network-developers/helpers npm package includes some extra functions:
- To use an .env file use getKeypairFromEnvironment()
- To use a Nexis Native Chain CLI file use getKeypairFromFile()
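What a loader of this kind has to check before trusting a value read from .env, as an added example (not the helpers package's code). parseSecretKey, describeKey and loadError are hypothetical names, and both the variable name SECRET_KEY and the JSON array of 64 byte values are assumed formats that are not taken from this page.

```javascript
// Added example with hypothetical helpers; the 64-byte JSON array format
// and the SECRET_KEY variable name are assumptions.
const SECRET_KEY_BYTES = 64;

// Validate and decode a secret key held in an environment-style object.
function parseSecretKey(env, name) {
  const raw = env[name];
  if (raw === undefined || raw.trim() === "") {
    throw new Error(`${name} is not set`);
  }
  let parsed;
  try {
    parsed = JSON.parse(raw);
  } catch {
    // Never echo `raw` or the parser's message: both can contain key bytes.
    throw new Error(`${name} is not valid JSON`);
  }
  if (!Array.isArray(parsed) || parsed.length !== SECRET_KEY_BYTES) {
    throw new Error(`${name} must be an array of ${SECRET_KEY_BYTES} numbers`);
  }
  if (!parsed.every((b) => Number.isInteger(b) && b >= 0 && b <= 255)) {
    throw new Error(`${name} contains a value outside 0-255`);
  }
  return Uint8Array.from(parsed);
}

// A log-safe summary: reports the length, never the contents.
function describeKey(secretKey) {
  return `secret key loaded (${secretKey.length} bytes, contents withheld)`;
}

// Returns the validation error message, or null when the key is acceptable.
function loadError(env, name) {
  try {
    parseSecretKey(env, name);
    return null;
  } catch (e) {
    return e.message;
  }
}

// Constructed sample environments (not real keys).
const goodEnv = { SECRET_KEY: JSON.stringify(Array.from({ length: 64 }, (_, i) => i)) };
const truncatedEnv = { SECRET_KEY: "[1,2,3]" };
const garbledEnv = { SECRET_KEY: "[1,2,3" };

console.log(describeKey(parseSecretKey(goodEnv, "SECRET_KEY")));
console.log(loadError(truncatedEnv, "SECRET_KEY"));
console.log(loadError(garbledEnv, "SECRET_KEY"));
```

In a script, call parseSecretKey(process.env, "SECRET_KEY") once the .env file has been loaded, and keep .env out of version control.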
You know how to make and load keypairs! Let’s practice what we’ve learned.
Lab
Installation
Make a new directory, install TypeScript, Nexis Native Chain web3.js and esrun:
Make a new file called generate-keypair.ts
Run npx esrun generate-keypair.ts. You should see the text:
Each Keypair has a publicKey and secretKey property. Update the file:
Run npx esrun generate-keypair.ts. You should see the text:
Loading an existing keypair from an .env file
To ensure that your secret key stays secure, we recommend injecting the secret key using a .env file:
Make a new file called .env with the contents of the key you made earlier:
We can then load the keypair from the environment. Update generate-keypair.ts:
Run npx esrun generate-keypair.ts. You should see the following result:
We’ve now learned about keypairs, and how to store secret keys securely on Nexis Native Chain. In the next chapter, we’ll use them!