Commit 85e10db5 authored by David Venhoek's avatar David Venhoek Committed by Tomas
Browse files

Updated readme to match current irma tooling.

parent ac7963c0
......@@ -30,18 +30,19 @@ A scheme manager, issuer, or credential type (call it an *entity*) is always sto
+-- index
+-- index.sig
+-- pk.pem
+-- timestamp
## Some notes on adding a new organization
First setup up the `description.xml` files of the scheme manager, issuers, and the credentials types that fall under your scheme manager, laying out the files as above. Make sure you add logos for your issuers and credential types.
Idemix public-private keypairs can be generated using [irmatool](https://github.com/mhe/irmatool); be sure to put the keys in the correct place in the directory tree. Keys of 2048 bits currently offer the best compromise between security and performance. For example:
Idemix public-private keypairs can be generated using the [irma](https://irma.app/docs/irma-cli/) command from [irmago](https://github.com/privacybydesign/irmago). Be sure to put the keys in the correct place in the directory tree. The default options should be ok for most situations. For example:
```
$ irmatool genkeypair -a 6 -l 2048 -c 0 -p ipk.xml -k isk.xml
irma scheme issuer keygen path/to/issuer/directory
```
The `index` file must contain the SHA256-hash of each file along with its location in the directory tree; the `index.sig` file must contain an ECDSA signature over this file (which thus effectively signs the entire directory tree), and the public key of this signature must be in `pk.pem`. The [IRMA app](https://github.com/privacybydesign/irma_mobile) verifies this signature when starting and when downloading new scheme manager files, and will refuse to use the entire scheme manager when this signature verification fails. You can use the [schememgr tool](https://github.com/privacybydesign/irmago/tree/master/schememgr) from the [irmago](https://github.com/privacybydesign/irmago) repository to generate an ECDSA private-public keypair, the `index` file, and the `index.sig` signature file.
The `index` file must contain the SHA256-hash of each file along with its location in the directory tree; the `index.sig` file must contain an ECDSA signature over this file (which thus effectively signs the entire directory tree), and the public key of this signature must be in `pk.pem`. The [IRMA app](https://github.com/privacybydesign/irma_mobile) verifies this signature when starting and when downloading new scheme manager files, and will refuse to use the entire scheme manager when this signature verification fails. You can use the scheme subcommand of the [irma](https://irma.app/docs/irma-cli/) command from the [irmago](https://github.com/privacybydesign/irmago) repository to generate an ECDSA private-public keypair, the `index` file, and the `index.sig` signature file.
# Note
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment