PGP and SSL certificates.These are the names which pop in most heads who have heard the term PKI or public key infrastructure before.For the last two decades, PKI was kind of equal to RSA.It is a brilliant, easy to understand method for public-key cryptography.Today you can also use elliptic curve cryptography for the same, which offers space savings.For the same level of security it requires smaller key sizes.On the flip side it takes a bit more effort to understand it.This doesn’t mean RSA would be superseded.It is used more widely than ever.Do you have a government issued ID card?More likely than not, it uses RSA.Do you have credentials for online banking or taxation?Do you have an encryption token from your employer?Do you encrypt/sign important emails?Mostly that is done via PGP, which uses RSA.Some of the use cases this would enable:Using an RSA key to sign transaction with a contract.This includes your encryption device as well government ID cards.Verifying certificate structures in smart contracts.Using government ID cards to prove individuality.Use cases which are not meant to be supported in Ethereum are:Encrypting using RSA keys in contracts.

All contract data is public, there is no point to encrypt something for a recipient.Decrypting using RSA keys in contracts.The keys held by a contract are public too.Creating RSA signatures.The same, keys would be public.Yes, … and no.You can implement RSA in EVM (and its languages, Serpent and Solidity).diy bitcoin mining caseFor laughably small (~ a few bits) key sizes you could do that without a big number library.litecoin mining volumeImplementing a big number library used in this order of performance would be cost prohibitive.ethereum stack exchangeSimply it would cost more gas, than its usefulness is worth.There are three more rational solutions:Implement an oracle (aka.external data provider) to do RSA calculations.You must trust this service and that is not a good position to be in with cryptography.Wait until this improvement proposal is accepted.Wait for EVM2.0, the next generation of the Ethereum machine, which would provide near-native performance for contracts.

RSA could be written in a contract efficiently.Don’t be.With all the nice tools available for Ethereum, I’ve created a sample implementation in Javascript.It has two components:The proposed precompiled contract called rsaverify implemented in ethereumjs-vm.A small wrapper written in Solidity assembly to provide the rsaverify method to contracts.All this is bundled up in the browser-solidity app for easy testing.Will you finally show me some code?And now, read this Github repository for technical explanation and links to sources.Absolutely!This is pretty much work in progress.You can help with the following:Defining the API suiting all use cases, with consideration to how the contract ABI and languages work.Defining gas costs for different RSA key sizes.Providing sample implementations for geth (Go) and eth (C++).(But don’t ask the maintainers to merge it!)Ethereum change requests (EIPs) have a better chance of acceptance if there are people actually needing that feature and all the small implementation details are worked out.With your help, this might become a supported feature in subsequent Ethereum (hard) forks.(*)

I’m confused by the title.Does it mean anything?RSA was invented in 1973 and 1977.Share_ Here's how it works: Anybody can ask a question Anybody can answer The best answers are voted up and rise to the top up vote 4 down vote favorite 1 Does ethereum node supports SSL (https) JSON-RPC connections like in Bitcoin?is there any work on control access over ethereum rpc nodes?Thank you go-ethereum Your Answer Sign up or log in Sign up using Google Sign up using Email and Password Post as a guest Name Email discard By posting your answer, you agree to the privacy policy and terms of service.Browse other questions tagged go-ethereum or ask your own question.With websites operating under the constant threat of attacks, users have long been accustomed to looking for a little green lock in web browsers, signaling an SSL certificate, to ensure that the site is secure.Today, SSL is used for transmitting sensitive information over the Internet, and it has long been a significant driver of e-commerce.

Involved in this process are protocols including the Secure Sockets Layer (SSL) and Transport Layer Security (TLS), as well as certificate authorities (CAs), entities that issue digital certificates to organizations or individuals.Now, digital identity startup Netki has announced that it is releasing what it considers to be the first digital identity certificate akin to the SSL for the blockchain in a bid to replicate both this technology and its top-lever services on the blockchain.In interview, CEO and co-founder Justin Newton expanded on the vision for the product, which follows a wallet naming service it introduced last year."What we did is we took a look at the ecosystem and saw that everyone was doing a good job of doing KYC (know your customer) on their own customers, but blockchains in general don’t have a really great way of knowing who your counterparty is.That has some usability issues because you like to know who you’re transacting with."Newton pointed to the regulatory reasons why such a functionality could prove useful for those executing blockchain-based transactions.

In particular, Newton cited FinCEN's travel rule, which "requires all financial institutions to pass on certain information to the next financial institution, in certain funds transmittals involving more than one financial institution".Under the travel rule, the identities of all participants involved in digital currency transfers greater than $3,000, including the money service businesses (MSBs) such as wallet providers and exchanges and the actual sender and receiver of the funds, must be known.Part of the problem is that MSBs have to worry about sending money to nations that are sanctioned under the auspices of the Office of Foreign Asset Control (OFAC)."They keep us from transacting with ISIS," Newton explained.Newton cautioned that many companies in the digital currency industry are potentially at risk of violating OFAC rules, which harms the ecosystem in two ways.The first is that current companies could deal with significant regulatory risk."It’s also preventing traditional financial institutions from being able to connect or interact with the open blockchain," he argued.

On the bitcoin network today, a piece of code called BIP70 handles a similar function, allowing spenders to obtain signed payment details from those who receive transactions.But, part of the problem is that BIP70 wasn’t built to support the rules required by FinCEN for these large transactions, Netki argues.In a presentation at Consensus 2016, Newton explained that the existing payment flow, BIP70, only allows for a certificate from the wallet provider of the recipient to be sent.In the slide above, this means that when Alice sends Bob an invoice, that is the only time identity is exchanged.To get around this problem, a team of developers, including Netki's Newton and Matt David as well as Breadwallet's Aaron Voisine and James MacWhyte, submitted an updated proposal called BIP75.According to the Git, this solves two important problems.The first is that it allows the sender of a payment request to voluntarily sign the original request and provide a certificate to allow the payee to know who they are transacting with.

“This allows the exchange of identity information to be optionally two-way,” Newton explained, adding: "Before a transaction occurs, the receiver can know who the sender is and the sender can know who the receiver is and their service provider can provide any required AML checks that they need to form before the transaction occurs."Essentially, both the sender and receiver of the payment request – and their corresponding MSBs – can voluntarily hand over the necessary identification to ensure that all parties involved are legally allowed to send and receive payment.Newton explained that BIP75 is already implemented in Netki’s open-source software, Addressimo, and that he expects that implementation in wallet software to commence over the next few months.The second problem that BIP75 solves allows for Netki and other service providers is ensuring user privacy.According to the authors, BIP75 "encrypts the payment request that is returned, before handing it off to the SSL/TLS layer to prevent man in the middle viewing of the Payment Request details".

This point is critical for the whole process, because Netki doesn’t believe that the identification should actually be on the public ledger."We wanted to be sure that this all happened at the application layer rather than the blockchain protocol layer because we didn’t think it was right to build any identity into an open permissionless network."Instead, Netki will seek to act as a certificate authority similar to how Symantec sells SSL certificates to domain name holders.When a MSB acquires a digital identity certificate for itself and its users, the name, address and verification level (aligned to the risk or value of the transactions) is built into the certificate.When a transaction is made, the MSBs on both sides send identity certificates and compare the information through their own AML checks.If both sides have a small green lock, the transaction is secure and compliant.Newton explained that one certificate would contain both the MSB and client information, but in the future, there would be a separate certificate for the MSB and client.

But not storing information on a public ledger is also necessary for the world that Newton believes is coming.Netki is taking a blockchain-agnostic approach to the roll out of this digital identity certificate the same way it did with its wallet name product.Specifically, users can use one of the wallet names to receive payment in bitcoin, tether and ethereum so they don’t have to create multiple payment addresses.With that in mind, Newton explained that they created "one digital identity certificate that works across all blockchains so you don’t have to revalidate across every chain"."One of the things about the way we built the solution with identity not stored on the blockchain, is that one identity certificate can work across every blockchain you work on.As we start to go into a world where we see that most people will be operating on more than one public or private blockchain, we see that this provides more flexibility than a siloed identity system that requires you to re-verify yourself."

In the future, users will be able to utilize a single certificate across all the chains they work on, verifying their identity when and where it is needed.During the identity workshop at Consensus 2016, Newton, who first presented this new product, explained that trying to create an entirely new certificate program is incredibly difficult."You can’t walk into a government office and just tell them to get rid of their ID system and trust you," he explained.Recognizing this, Netki opted to go with the Federal Bridge Certification Authority that is already widely understood and accepted worldwide."One of the other things is we leveraged an existing digital identity standard that actually has legal basis and case law behind it.That has been enshrined in some international treaties.This is already an internationally recognized form of digital identity," Newton said.According to a white paper published by Entrust, "the bridge CA provides trust paths between principal Certification Authorities for trust domain PKIs [public key infrastructures]".

In the case of the Federal Bridge, "it does not provide a root of trust, but instead links together existing trust infrastructures".By building on top of the Federal Bridge CA, MSBs don’t have to worry about whether the certificate provided by Netki is acceptable from a regulatory perspective because they already have years of experience using it for their businesses.While Newton couldn’t yet offer a precise cost for the certificate, he did suggest that the two-year certificate for validated identity wouldn’t be cost prohibitive for individuals or their MSBs."In most cases, where a MSB is involved, we anticipate that the cost won’t show up as a direct cost for the consumer.Since it’s only needed for transactions over $3,000, if you look at the cost, it could be comparable to one wire transfer fee, and the certificate can be used for all transactions for the following two years," he said.Netki is pushing toward launching a pilot in the next couple of months and Newton expects that the full product will be available to all consumers by the end of 2016.