Unverified Commit 3bfa534a authored by Sietse Ringers's avatar Sietse Ringers Committed by GitHub
Browse files

Update README.md

parent 673026fd
......@@ -33,16 +33,16 @@ A scheme manager, issuer, or credential type (call it an *entity*) is always sto
## Some notes on adding a new organization
First setup up the descriptions of the organization, the credentials it issues and the credentials it verifies. Make sure you add a description for your organization, and a logo.png file.
First setup up the `description.xml` files of the scheme manager, issuers, and the credentials types that fall under your scheme manager, laying out the files as above. Make sure you add logos for your issuers and credential types.
Keys can be generated using [irmatool](https://github.com/mhe/irmatool) or [silvia](https://github.com/credentials/silvia). It is safest to use keys of 4096 bits, for example (this will probably take a few minutes):
Idemix public-private keypairs can be generated using [irmatool](https://github.com/mhe/irmatool) or [silvia](https://github.com/credentials/silvia); be sure to put them in the correct place in the directory tree. Keys of 2048 bits currently offer the best compromise between security and performance. For example:
$ irmatool genkeypair -a 6 -l 4096 -c 0 -p ipk.xml -k isk.xml
$ silvia_keygen -a 6 -n 4096 -c 0 -p ipk.xml -P isk.xml
$ irmatool genkeypair -a 6 -l 2048 -c 0 -p ipk.xml -k isk.xml
$ silvia_keygen -a 6 -n 2048 -c 0 -p ipk.xml -P isk.xml
You will need to place these keys at the correct place in the directory tree. Alternatively, the `generate_keys.sh` script can generate keys (with counter 0) for you at the correct place.
The `index` file must contain the SHA256-hash of each file along with its location in the directory tree; the `index.sig` file must contain an ECDSA signature over this file (which thus effectively signs the entire directory tree), and the public key of this signature must be in `pk.pem`. The [IRMA app](https://github.com/credentials/irma_mobile) verifies this signature when starting and when downloading new scheme manager files, and will refuse to use the entire scheme manager when this signature verification fails. You can use the [schememgr tool](https://github.com/credentials/irmago/tree/master/schememgr) from the [irmago](https://github.com/credentials/irmago) repository to generate an ECDSA private-public keypair, the `index` file, and the `index.sig` signature file.
# Note
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment