Signify implementation in Python
Of the five functions in a KERI agent,
- Key generation
- Encrypted key storage
- Event generation
- Event signing
- Event Validation
Signifypy provides key generation and event signing in a library to provide "signing at the edge". It accomplishes this by using libsodium to generate ed25519 key pairs for signing and x25519 key pairs for encrypting the private keys, next public keys, and salts used to generate the private keys. The encrypted private key and salts are then stored on a remote cloud agent that never has access to the decryption keys. New key pair sets (current and next) will be generated for inception and rotation events with only the public keys and blake3 hash of the next keys made available to the agent.
The communication protocol between a Signify client and KERI agent will encode all cryptographic primitives as CESR base64 encoded strings for the initial implementation. Support for binary CESR can be added in the future.
Install uv first, then sync the local environment:
make syncRun the fast test suite with:
make testmake buildpip install signifypy
make syncIf you already have a Python environment selected and want an editable install
inside that environment, uv still supports that flow directly:
uv pip install -e .
