Overview
State-of-the-art key management focusing on advanced privacy and messaging capabilities.
The Vault service offers state-of-the-art key management with a focus on providing advanced privacy and messaging capabilities (e.g., zero-knowledge proofs, SNARK-friendly hash functions, the double-ratchet algorithm) in a single enterprise-grade API.
This section describes the elliptic curves and key specifications currently supported by the API. Supported curves and key specs are defined with a type of either symmetric or asymmetric.
Certain symmetric keys support key derivation (such as the ChaCha20 stream cipher). Other key specs, such as RSA, are provided for convenience and to achieve table-stakes feature parity with industry-standard key management solutions such as AWS Key Management Service, Azure Key Vault and HashiCorp Vault.

| Key Spec | Description |
| --- | --- |
| AES-256-GCM | default encryption for the master key of each Vault instance |
| ChaCha20 | stream cipher useful with double-ratchet messaging algorithm |
| RSA | 2048, 3072 and 4096-bit; RSASSA-PSS and RSASSA-PKCS1-V1_5-SIGN for sign/verify operations; RSAES_OAEP_SHA_256 for encrypt/decrypt operations |

| Key Spec | Description |
| --- | --- |
| babyJubJub | a twisted Edwards elliptic curve designed for zk-SNARK circuits |
| BIP39 | BIP39 hierarchical deterministic (HD) wallet for deriving secp256k1 keys |
| C25519 | elliptic curve designed for Diffie-Hellman (ECDH) key exchange |
| Ed25519 | EdDSA signature scheme using SHA-512 (SHA-2) |
| Ed25519-nkey | public key signature system based on Ed25519 for the NATS community |
| RSA | 2048, 3072 and 4096-bit; PSS and PKCS for sign/verify operations; OAEPSHA256 for encrypt/decrypt operations |
| secp256k1 | elliptic curve used with ECDSA (e.g., ETH, BTC) |