Inspiration

Problem

When we first got into self-sovereign identity a few years back, it was quite a niche technology. Decentralised technologies, such as self-sovereign identity, empower users by granting them control over their data. However, this also places the responsibility of effective data management on the user. Animo Solutions, founded a few years ago, has witnessed the growth of this niche technology into a more established industry, with governments and organisations adopting it. Despite its advantages, the responsibility placed on users may hinder widespread adoption. In a decentralised system, losing one's digital wallet means losing access to all credentials stored within. Unlike centralised systems, where a central authority can provide a copy of lost data, self-sovereign identity systems do not have this luxury.

Aries Framework JavaScript

Animo Solutions contributes significantly to the development of Aries Framework JavaScript (AFJ), an open-source framework for creating self-sovereign identity solutions for both server-side and mobile platforms. Although we added functionality to import/export the contents of AFJ wallets to and from a given file path a while ago, there was no convenient way to do so using a remote storage system.

Decentralized Web Nodes

In April this year, some of us attended the Internet Identity Workshop, where we joined a session about Decentralized Web Nodes (DWNs), personal data stores designed for easy storage and sharing of individual data with various services and applications. The concept of a self-managed, personal data store with DIDs and VCs baked into its core inspired us to explore the possibilities of using DWNs in harmony with AFJ-based wallets.

Vision & Approach

Many ideas of how to combine DWNs and AFJ-based solutions have crossed our minds. One could, for example, use a DWN as the main wallet. Here, all credentials would be stored in the DWN, and an AFJ-based wallet/app would serve as a controller, authorized using DIDs. Although not possible with the current APIs offered by DWNs, another idea was to use a DWN as a remote Key Management System. In this scenario, all credentials would be stored in the AFJ-based wallet, but cryptographic operations would be delegated to the DWN, simplifying multi-device SSI.

Although these ideas are worth exploring, they are complex and require careful consideration. Because of this, we chose to start small and focus on enabling backing up and recovering AFJ wallets using DWNs. Although this may not have the greatest "wow factor", it adds significant value for users of AFJ-based wallets and serves as a starting point for further exploration.

What it does

Our solution has added the ability for AFJ-based wallets to export and upload an encrypted copy of their wallets to a DWN, as well as download and import it back into an AFJ-based application.

This enables users to:

  • Recover their wallet in case their device gets lost or stolen
  • Easily migrate between AFJ-based wallet applications

How we built it

AFJ is a lean framework that offers many modules that consumer applications can include optionally. As such, we have implemented our work as a separate module.

The module's API exposes three methods:

  • connect - this method sets up and opens a connection with the DWN
  • backupWallet - this method exports the wallet and uploads it to the DWN
  • importWallet - this method downloads a wallet record from the DWN and imports it into the wallet

At this stage, the wallet is exported as a single, encrypted blob.
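
The backup and recovery round trip described above, as an added example that is not the module's own code: the wallet export is sealed on the device before upload, so the remote store only holds ciphertext and a modified blob is rejected on import. InMemoryStore, sealBackup, openBackup, backupToStore and restoreFromStore are hypothetical names; AES-256-GCM with an scrypt-derived key stands in for AFJ's own export encryption, and the in-memory store stands in for a DWN.

```javascript
// Added example: all names here are hypothetical, not the AFJ module's API.
const crypto = require('node:crypto');

// Stand-in for a remote DWN: it only ever stores opaque bytes under a record id.
class InMemoryStore {
  constructor() { this.records = new Map(); }
  write(id, data) { this.records.set(id, Buffer.from(data)); }
  read(id) {
    if (!this.records.has(id)) throw new Error(`no record ${id}`);
    return Buffer.from(this.records.get(id));
  }
}

const deriveKey = (passphrase, salt) => crypto.scryptSync(passphrase, salt, 32);

// Encrypt on the device. Blob layout: salt(16) | iv(12) | tag(16) | ciphertext.
function sealBackup(walletBytes, passphrase) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(walletBytes), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), ciphertext]);
}

// Decrypt after download. final() throws if the blob was altered in storage
// or the passphrase is wrong, so nothing unauthenticated reaches the import.
function openBackup(blob, passphrase) {
  if (blob.length < 44) throw new Error('backup blob too short');
  const salt = blob.subarray(0, 16);
  const iv = blob.subarray(16, 28);
  const tag = blob.subarray(28, 44);
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(blob.subarray(44)), decipher.final()]);
}

function backupToStore(store, id, walletBytes, passphrase) {
  store.write(id, sealBackup(walletBytes, passphrase));
}

function restoreFromStore(store, id, passphrase) {
  return openBackup(store.read(id), passphrase);
}

// Constructed sample standing in for an exported wallet file.
const sampleWallet = Buffer.from(JSON.stringify({ credentials: [{ id: 'constructed-vc-1' }] }));
```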

Challenges we ran into

Because DWNs use DIDs for authorization, the DWN needs to be able to resolve the DID used by AFJ. DWNs have support for did:key, did:web and did:ion. Although the first two are supported by AFJ as well, they don't support key rotation, which may be problematic when a key gets compromised. Therefore, we chose to go for did:ion instead. However, because this method is not supported by AFJ, as a temporary workaround, the key is currently created by the DWN and copied over to the AFJ implementation.

Accomplishments that we're proud of

As this is the first effort to back up AFJ-based wallets, we believe it adds significant value to the users of AFJ. Additionally, we hope this work will serve as the foundation of an effort to solve the problem of wallet recovery and multi-device SSI in a practical setting.

What we learned

The Wallet Nodes (WNs) incorporate core SSI standards, such as Decentralised Identifiers and Verifiable Credentials, enabling them to fulfil various roles within the SSI ecosystem. These roles include:

  1. Serving as a primary wallet containing all credentials, where a mobile application serves as a controller.
  2. Functioning as a remote key management system, which allows multiple edge devices to collaborate and utilise a single set of key pairs.
  3. Operating as a backup system for the contents of edge wallets.
  4. Relaying messages to mobile wallets that are not continuously online.

What's next for Backing up Aries Framework JavaScript Wallets using DWNs

As mentioned, the current implementation stores and retrieves the wallet contents as a single blob. This is not a performant approach and can be optimized by backing up the records inside the wallet individually.

In addition to these optimizations, we want to explore the applications mentioned in the previous section.

Built With

  • aries
  • aries-framework-javascript
  • dwn