> ## Documentation Index
> Fetch the complete documentation index at: https://docs.nexis.network/llms.txt
> Use this file to discover all available pages before exploring further.

# Cryptography and the Nexis Native Chain Network

> Understand asymmetric cryptography and how Nexis Native Chain uses it.

## Summary

* A **keypair** is a matching pair of **public key** and **secret key**.
* The **public key** is used as an “address” that points to an account on the
  Nexis Native Chain network. A public key can be shared with anyone.
* The **secret key** is used to verify authority over the account. As the name
  suggests, you should always keep secret keys *secret*.
* `@nexis-network/web3.js` provides helper functions for creating a brand new keypair,
  or for constructing a keypair using an existing secret key.

## Lesson

### Symmetric and Asymmetric Cryptography

'Cryptography' the study of hiding information. There are two main types of
cryptography you'll encounter day to day:

**Symmetric Cryptography** is where the same key is used to encrypt and decrypt.
It's hundreds of years old and has been used by everyone from the ancient
Egyptians to Queen Elizabeth I.

There's a variety of symmetric cryptography algorithms, but the most common
you'll see today are AES and Chacha20.

**Asymmetric Cryptography**

* Asymmetric cryptography - also called
  '[public key cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography)'
  was developed in the 1970s. In asymmetric cryptography, participants have
  pairs of keys (or **keypairs**). Each keypair consists of a **secret key** and
  a **public key**. Asymmetric encryption works differently from symmetric
  encryption, and can do different things:

* **Encryption**: if it's encrypted with a public key, only the secret key from
  the same keypair can be used to read it

* **Signatures**: if it's encrypted with a secret key, the public key from the
  same keypair can be used to prove the secret key holder signed it.

* You can even use asymmetric cryptography to work out a good key for symmetric
  cryptography! This is called **key exchange**, where you use your public keys
  and the recipient's public key to come up with a 'session' key.

* There's a variety of asymmetric cryptography algorithms, but the most common
  you'll see today are variants of ECC or RSA.

Asymmetric encryption is very popular:

* Your bank card has a secret key inside it that's used to sign transactions.

  Your bank can confirm you made the transaction by checking them with the
  matching public key.

* Websites include a public key in their certificate. Your browser will use this
  public key to encrypt the data (like personal information, login details, and
  credit card numbers) it sends to the web page.

  The website has the matching private key so that the website can read the
  data.

* Your electronic passport was signed by the country that issued it to ensure
  the passport isn't forged.

  The electronic passport gates can confirm this using the public key of your
  issuing country.

* The messaging apps on your phone use key exchange to make a session key.

In short, cryptography is all around us. Nexis Native Chain, as well as other blockchains,
are but one use of cryptography.

### Nexis Native Chain uses public keys as addresses

<img src="https://mintlify.s3.us-west-1.amazonaws.com/nexisnetwork/public/assets/courses/unboxed/wallet-addresses.svg" alt="Nexis Native Chain wallet addresses" />

People participating in the Nexis Native Chain network have at least one keypair. In Nexis Native Chain:

* The **public key** is used as an “address” that points to an account on the
  Nexis Native Chain network. Even friendly names - like `example.sol` - point to addresses
  like `dDCQNnDmNbFVi8cQhKAgXhyhXeJ625tvwsunRyRc7c8`

* The **secret key** is used to verify authority over that keypair. If you have
  the secret key for an address, you control the tokens inside that address. For
  this reason, as the name suggests, you should always keep secret keys
  *secret*.

### Using @nexis-network/web3.js to make a keypair

You can use the Nexis Native Chain blockchain from either the browser or node.js with the
`@nexis-network/web3.js` npm module. Set up a project how you normally would, then
[use `npm`](https://nodesource.com/blog/an-absolute-beginners-guide-to-using-npm/)
to install `@nexis-network/web3.js`

```shell theme={null}
npm i @nexis-network/web3.js
```

We’ll cover a lot of
[web3.js](https://nexis.network/docs/clients/javascript-reference) gradually
throughout this course, but you can also check out the
[official web3.js documentation](https://nexis.network/docs/clients/javascript-reference).

To send tokens, send NFTS, or read and write data Nexis Native Chain, you'll need your own
keypair. To make a new keypair, use the `Keypair.generate()` function from
`@nexis-network/web3.js`:

```typescript theme={null}
import { Keypair } from "@nexis-network/web3.js";

const keypair = Keypair.generate();

console.log(`The public key is: `, keypair.publicKey.toBase58());
console.log(`The secret key is: `, keypair.secretKey);
```

<Callout type="warning" title="Do not include secret keys in your source code">
  Since the keypair can be regenerated from the secret key, we usually only store
  the secret key, and restore the keypair from the secret key.

  Additionally, since the secret key gives authority over the address, we don't
  store secret keys in source code. Instead, we:

  * Put secret keys in a `.env` file
  * Add `.env` to `.gitignore` so the `.env` file is not committed.
</Callout>

### Loading an existing keypair

If you already have a keypair you’d like to use, you can load a `Keypair` from
an existing secret key stored in the filesystem or an `.env` file. In node.js,
the `@nexis-network-developers/helpers` npm package includes some extra functions:

```bash theme={null}
npm i @nexis-network-developers/helpers
```

* To use an `.env` file use `getKeypairFromEnvironment()`
* To use a Nexis Native Chain CLI file use `getKeypairFromFile()`

```typescript theme={null}
import "dotenv/config";
import { getKeypairFromEnvironment } from "@nexis-network-developers/helpers";

const keypair = getKeypairFromEnvironment("SECRET_KEY");
```

You know how to make and load keypairs! Let’s practice what we’ve learned.

## Lab

### Installation

Make a new directory, install TypeScript, Nexis Native Chain web3.js and esrun:

```bash theme={null}
mkdir generate-keypair
cd generate-keypair
npm init -y
npm install typescript @nexis-network/web3.js esrun @nexis-network-developers/helpers
```

Make a new file called `generate-keypair.ts`

```typescript theme={null}
import { Keypair } from "@nexis-network/web3.js";
const keypair = Keypair.generate();
console.log(`✅ Generated keypair!`);
```

Run `npx esrun generate-keypair.ts`. You should see the text:

```
✅ Generated keypair!
```

Each `Keypair` has a `publicKey` and `secretKey` property. Update the file:

```typescript theme={null}
import { Keypair } from "@nexis-network/web3.js";

const keypair = Keypair.generate();

console.log(`The public key is: `, keypair.publicKey.toBase58());
console.log(`The secret key is: `, keypair.secretKey);
console.log(`✅ Finished!`);
```

Run `npx esrun generate-keypair.ts`. You should see the text:

```
The public key is:  764CksEAZvm7C1mg2uFmpeFvifxwgjqxj2bH6Ps7La4F
The secret key is:  Uint8Array(64) [
  (a long series of numbers)
]
✅ Finished!
```

## Loading an existing keypair from an .env file

To ensure that your secret key stays secure, we recommend injecting the secret
key using a `.env` file:

Make a new file called `.env` with the contents of the key you made earlier:

```env theme={null}
SECRET_KEY="[(a series of numbers)]"
```

We can then load the keypair from the environment. Update `generate-keypair.ts`:

```typescript theme={null}
import "dotenv/config";
import { getKeypairFromEnvironment } from "@nexis-network-developers/helpers";

const keypair = getKeypairFromEnvironment("SECRET_KEY");

console.log(
  `✅ Finished! We've loaded our secret key securely, using an env file!`,
);
```

Run `npx esrun generate-keypair.ts`. You should see the following result:

```text theme={null}
✅ Finished! We've loaded our secret key securely, using an env file!
```

We've now learned about keypairs, and how to store secret keys securely on
Nexis Native Chain. In the next chapter, we'll use them!

<Callout type="success">
  ## Completed the lab?

  Push your code to GitHub and
  [tell us what you thought of this lesson](https://form.typeform.com/to/IPH0UGz7#answers-lesson=ee06a213-5d74-4954-846e-cba883bc6db1)!
</Callout>
