Skip to content

Data Model

This document describes the data structures used in Proof Keys Studio.

Keys

Keys are EdDSA (Ed25519) key pairs stored as did:key identifiers.

Key Properties

  • id: Unique identifier (UUID)
  • label: Human-friendly name (e.g., default, prod-signing-1)
  • algorithm: Always ED25519
  • did: The did:key identifier (e.g., did:key:z6Mk...)
  • publicKeyMultibase: Public key in multibase format
  • createdAt: ISO 8601 timestamp
  • status: active or inactive
  • owner_id: User or session identifier
  • upgradedDid: Optional did:web DID if upgraded
  • expiresAt: Optional expiry date

Key Storage

Keys are stored in Askar SQLite database with: - Encrypted key material - Metadata (label, algorithm, DID) - Owner association

Proofs

Proofs are W3C Data Integrity Proofs using the eddsa-jcs-2022 cryptosuite.

Proof Structure

{
  "type": "DataIntegrityProof",
  "cryptosuite": "eddsa-jcs-2022",
  "created": "2025-01-15T10:30:00Z",
  "verificationMethod": "did:key:z6Mk...#z6Mk...",
  "proofPurpose": "assertionMethod",
  "proofValue": "z..."
}

Stored Proofs

Stored proofs (in browser localStorage) include: - id: Unique identifier - document: Original document payload - proof: Proof object - verificationMethod: DID used for signing - cryptosuite: Proof suite used - created: Creation timestamp - rawContent: Complete signed document (JSON string) - createdAt: Storage timestamp - size: Document size in bytes - starred: Whether the proof is starred

Activity Events

Activity events track all user operations.

Event Properties

  • id: Unique identifier
  • type: Event type (KEY_CREATED, PROOF_CREATED, etc.)
  • message: Human-readable description
  • createdAt: ISO 8601 timestamp
  • subject: User/session identifier
  • keyLabel: Associated key label (if applicable)
  • keyDid: Associated key DID (if applicable)

Event Types

  • KEY_CREATED: Key creation
  • DID_CREATED: DID creation
  • KEY_UPGRADED: Key upgrade to did:web
  • PROOF_CREATED: Proof creation
  • WEBAUTHN_REGISTERED: WebAuthn registration
  • WEBAUTHN_LOGIN: WebAuthn login
  • SESSION_OPENED: Session opened
  • SESSION_CLOSED: Session closed

Users

Users are identified by:

  • username: Free-form username (for WebAuthn users)
  • owner_id: User identifier (username for registered users, clientId for anonymous)
  • did: User DID (for registered users): did:web:proof-keys.studio:user:{username}

User Types

  • WebAuthn Users: Registered with username and WebAuthn credential
  • Anonymous Users: Session-based, no username, limited to 1 key

Sessions

Sessions track user authentication state:

  • clientId: Browser session identifier (UUID)
  • username: Optional username (for registered users)
  • authenticated: Whether the user is authenticated