10 Decentralized key management

Chapter 9 covered the overall topic of SSI digital wallets and agents. However, the function at the very core of digital wallets—cryptographic key management—is deep enough to merit its own chapter. Although thousands of papers and dozens of books have been written on the subject of key management, for this chapter on decentralized key management, we called on Dr. Sam Smith, who is not only one of the most prolific thinkers and authors in SSI but the inventor of Key Event Receipt Infrastructure (KERI), covered in the final section of this chapter. Sam received his PhD in electrical and computer engineering from Brigham Young University in 1991; spent 10 years at Florida Atlantic University, reaching full professor status; and then retired to become a full-time entrepreneur and strategic consultant. He has over 100 refereed publications in the areas of machine learning, AI, autonomous vehicle systems, automated reasoning, blockchains, and decentralized systems.

Chapter 9 began with this overarching definition of digital wallets:

A digital wallet consists of software (and optionally hardware) that enables the wallet’s controller to generate, store, manage, and protect cryptographic keys, secrets, and other sensitive private data.

10.1 Why any form of digital key management is hard

10.2 Standards and best practices for conventional key management

10.3 The starting point for key management architecture: Roots of trust

10.4 The special challenges of decentralized key management

10.5 The new tools that VCs, DIDs, and SSI bring to decentralized key management

10.5.1 Separating identity verification from public key verification

10.5.2 Using VCs for proof of identity

10.5.3 Automatic key rotation

10.5.4 Automatic encrypted backup with both offline and social recovery methods

10.5.5 Digital guardianship

10.6 Key management with ledger-based DID methods (algorithmic roots of trust)

10.7 Key management with peer-based DID methods (self-certifying roots of trust)