irma-demo scheme manager
Clone or download
fvdbroek marked ideal credential as demo and added signatures (#17)
* clearly specify that the ideal credential is a demo credential

* added signatures
Latest commit a3a802b Nov 30, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
IRMATube Fix <Counter> tags in public and private keys Jul 10, 2018
MijnOverheid Add new keys to MijnOverheid supporting more attriutes Nov 28, 2018
RU Fix <Counter> tags in public and private keys Jul 10, 2018
alliander fix: inconsistencies in alliander demo credential Jun 14, 2018
cvgz Fix typo in VGZ credential Nov 23, 2018
forus Added Forus issuer Sep 27, 2018
haarlem Add Haarlem demo credential (#12) Sep 27, 2018
ideal clearly specify that the ideal credential is a demo credential (#16) Nov 30, 2018
idin demo versies ideal credential en age limits voor idin uitgifte (#15) Nov 28, 2018
irmages Irmages demo issuer Sep 28, 2018
nijmegen Make nijmegen credentials consistent with pbdf Sep 17, 2018
nuts added Demo to Issue/Issuer Jul 30, 2018
rdw Fixed small error in rdw. (#11) Sep 27, 2018
vngrealisatie chore: update logo to Common Ground logo Sep 17, 2018
wigo4it add wigo4it stadspas attribute Sep 26, 2018
.gitignore Include private keys in this branch Feb 20, 2013
AUTHORS Update README.md and AUTHORS Oct 23, 2017
LICENSE Release irma_configuration into public domain Mar 12, 2014
README.md Remove reference to silvia from README.md (#1) Nov 23, 2018
description.xml Change scheme manager URL Jan 4, 2018
index marked ideal credential as demo and added signatures (#17) Nov 30, 2018
index.sig marked ideal credential as demo and added signatures (#17) Nov 30, 2018
pk.pem Include new scheme manager public key and signature Nov 9, 2017
sk.pem Include new scheme manager public key and signature Nov 9, 2017
timestamp marked ideal credential as demo and added signatures (#17) Nov 30, 2018

README.md

The irma-demo scheme manager

This repository contains the credential definitions, issuer information, and their public and private keys of the irma-demo scheme manager.

CAREFUL! This scheme manager is only ever meant to be used for development, demoing and experimenting! Because the issuer private keys are included in this repository everyone can issue any credential from this scheme manager, choosing the attributes freely. Thus their authenticity cannot be trusted. (For an actual scheme manager, see the Privacy by Design Foundation scheme manager.)

Use this repository by putting it in the irma_configuration folder of your project (for example, the IRMA mobile app or the IRMA API server). Be sure to call the folder irma-demo! E.g.,

git clone https://github.com/privacybydesign/irma-demo-schememanager irma-demo

Directory structure

A scheme manager, issuer, or credential type (call it an entity) is always stored in description.xml, contained in a folder whose name must be that of the entity as specified by the xml file. Multiple issuers are grouped under the scheme manager, and each issuer may issue multiple credential types.

SchemeManager
+-- IssuerName
|   +-- Issues
|   |   +-- CredentialName
|   |       +--- description.xml
|   |       +--- logo.png
|   +-- PublicKeys
|   |   +-- 0.xml
|   |   +-- 1.xml
|   +-- PrivateKeys (need not be present)
|   |   +-- 0.xml
|   |   +-- 1.xml
|   +-- description.xml
|   +-- logo.png
+-- description.xml
+-- index
+-- index.sig
+-- pk.pem

Some notes on adding a new organization

First setup up the description.xml files of the scheme manager, issuers, and the credentials types that fall under your scheme manager, laying out the files as above. Make sure you add logos for your issuers and credential types.

Idemix public-private keypairs can be generated using irmatool; be sure to put the keys in the correct place in the directory tree. Keys of 2048 bits currently offer the best compromise between security and performance. For example:

$ irmatool genkeypair -a 6 -l 2048 -c 0 -p ipk.xml -k isk.xml

The index file must contain the SHA256-hash of each file along with its location in the directory tree; the index.sig file must contain an ECDSA signature over this file (which thus effectively signs the entire directory tree), and the public key of this signature must be in pk.pem. The IRMA app verifies this signature when starting and when downloading new scheme manager files, and will refuse to use the entire scheme manager when this signature verification fails. You can use the schememgr tool from the irmago repository to generate an ECDSA private-public keypair, the index file, and the index.sig signature file.

Note

This repository contains the same tree as (the now deprecated) github.com/credentials/irma_configuration but with the outer irma_configuration folder removed.