Commit 701df156 authored by matograine's avatar matograine
Browse files

Merge branch 'checksum' into 'master'

[doc] add RFC0016

See merge request !4
parents 9888c520 53f9bc8a
......@@ -28,6 +28,7 @@ All documents should be implementation agnostic, as specific documentations shou
* RFC_0008: [Duniter Messages Encryption and Signature](
* RFC_0013: [Duniter Encrypted Wallet Import Format](
* RFC_0014: [DUBP Mnemonic](
* RFC_0016: [Checksum for Duniter public keys](rfc/
### Drafts RFCs
# 0016 Checksum for Duniter public keys
RFC: 0016
Title: Checksum for Duniter public keys
Type: Convention
Status: Proposed Standard
Author: matograine <>
Created: 2021-03-07
Last edited: 2021-03-07
License: AGPL-3
## Sources
This document proposes an enhancement on Tortue's standard for public key checksum:
## Public key format
A public key is to be understood as an Ed25519 public key.
It is represented as a Base58 string which length ranges {43,44} characters.
Example of a public key:
Example of two valid public keys referring to the same Ed25519 binary public key:
When converting a public key to its binary representation, the length of the bytes array MUST be verified.
If the length of the array is inferior to 32, zero-bytes MUST be prepended.
# convert public key string to bytes
pubkey_byte = bytearray(base58.b58decode(pubkey))
# prepend zero-bytes until the public key is 32 bytes long
while len(pubkey_byte) < 32:
pubkey_byte = bytearray(b"\x00") + pubkey_byte
## Checksum display
The checksum aims at verifying the consistency of the public key.
It consists in three (3) base58 characters.
It is displayed after the public key, separated by a colon `:`.
Example of two valid representations of a public key with their checksum:
This function is used when a public key is typed manually on the keyboard (or issue on QRcode reader)
to avoid sending coins to the wrong public key. Because no control exist on the Duniter protocol.
This technique is better than adding only some checksum bytes at the end of the key, before the base58.encode because:
- The public key visible for the user is the same.
- If the user miss some characters, the software client can detect it.
- The checksum is not mandatory
### Short form
When displaying a public key on little space, a short form can be used for public keys.
This short form consists in:
* the 4 first characters of the public key
* the ellipsis character `…`
* the 4 last characters of the public key
* a colon `:`
* the checksum
Example of short-form public keys with checksum:
Short form CAN be used for user input, only in research fields.
In that case, users will probably use three points `...` instead of an ellipsis `…`.
Short form MUST NOT be used as a direct input of a public key.
For accessibility, a color CAN be used to display the checksum.
In that case, the same color MUST be used for the separating colon.
## Compute the checksum
To compute the checksum:
0) use the binary representation of the public key :
`pubkey = bytearray(base58.b58decode("J4c8CARmP9vAFNGtHRuzx14zvxojyRWHW2darguVqjtX"))`
1) `sha256(pubkey)`
2) `sha256(sha256(pubkey))`
3) `Base58.encode(sha256(sha256(pubkey))`
4) We only take the 3 first characters of this value to get the checksum
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment