Pairing

On this page, you will learn about:

  1. The concept of pairing two personas.

Two personas are said to be paired if they have cached their respective blockchain certificate roots. The counterparty of a paired persona is called a contact. Pairing is a first step that enables the Keychain Core software module to detect whether a contact has changed security parameters on the blockchain. This allows the two personas to keep security parameters in sync in the event one or both personas change them, which is a necessity for several general scenarios such as break-glass recovery.

A persona may be paired with multiple contacts. Within a single device, the contacts of multiple personas are segregated; the respective set of contacts of each persona is not necessarily recognized by (i.e., not necessarily paired with) the other persona on the same device. This segregation enables contextualized communication security based on the pairings performed for each persona.

Commonly, an application will implement a concept of a currently active persona so that when data is received, its decryption and verification are performed with respect to the set of contacts of that persona. If data is received that is signed by a contact of a persona that is not the currently active persona, you may want to reject the data. Conversely, if you do not know beforehand which persona is the intended recipient, you may want to set the active persona to whichever persona has the data signer as a paired contact.

Keychain Core gives you the ability to do both. Note that because the attributes (such as name or digital ID) of a persona are not stored on the blockchain but are instead stored locally, the attributes of contacts are similarly stored locally.
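
The two handling policies described above, sketched as an added example: this is a plain-Python model written for this page, not Keychain Core code or its API. All class and function names and the `root-*` strings (standing in for cached certificate roots) are hypothetical, and rejecting a signer that is paired with more than one non-active persona is an assumption of this sketch.

```python
# Added illustration: plain-Python model, NOT the Keychain Core API.
# Every name and the "root-*" strings are hypothetical, constructed values.
from dataclasses import dataclass, field
from enum import Enum

class Policy(Enum):
    STRICT = "strict"      # only signers paired with the active persona
    AUTO_SELECT = "auto"   # switch to the persona paired with the signer

class Rejected(Exception):
    """No persona may accept the signed data under the chosen policy."""

@dataclass
class Persona:
    name: str  # local attribute, not stored on the blockchain
    # Paired contacts of this persona only: cached root -> local contact name
    contacts: dict = field(default_factory=dict)

@dataclass
class Device:
    personas: list
    active: Persona

    def route(self, signer_root: str, policy: Policy) -> Persona:
        """Return the persona whose contact set should verify this signer."""
        if signer_root in self.active.contacts:
            return self.active
        if policy is Policy.STRICT:
            raise Rejected("signer is not a contact of the active persona")
        owners = [p for p in self.personas if signer_root in p.contacts]
        if len(owners) != 1:
            # 0 owners: unpaired signer; >1: ambiguous context, so do not guess
            raise Rejected(f"{len(owners)} personas are paired with this signer")
        self.active = owners[0]
        return self.active

def demo() -> list:
    work = Persona("work", {"root-A": "Alice"})
    home = Persona("home", {"root-B": "Bob"})
    device = Device([work, home], active=work)
    cases = [("root-A", Policy.STRICT), ("root-B", Policy.STRICT),
             ("root-B", Policy.AUTO_SELECT), ("root-Z", Policy.AUTO_SELECT)]
    out = []
    for root, policy in cases:
        try:
            out.append(device.route(root, policy).name)
        except Rejected:
            out.append("rejected")
    return out
```
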