d0db6f00f1
KEZ is a portable, decentralized identity graph: a person signs claims
linking their many accounts, publishes those claims in places only the
claimed account can publish to, and anyone can verify the connections
without trusting a central server.
Layout
------
- SPEC.md Language-agnostic protocol spec (v0.2)
- rust/ Rust implementation: kez-core, kez-channels, kez-cli
- nodejs/ TypeScript port at full parity
- rust-sig-server/ Optional axum + SQLite storage server for sigchains
- crosstest.sh Cross-implementation interop harness
Capabilities (both implementations, byte-compatible)
----------------------------------------------------
- Two primary-key algorithms: nostr/secp256k1 Schnorr (BIP-340) and
Ed25519 (RFC 8032). Identifiers: nostr:npub1... and ed25519:<hex>.
- JCS (RFC 8785) canonicalization for everything signed.
- Four proof encodings: JSON envelope, compact (kez:z1:<base64url(zstd(json))>),
Markdown fence, DNS TXT.
- Five channel plugins (no API keys, no auth needed for any of them):
dns: system resolver, _kez.<domain> TXT records
github: public gist scan + <user>/<user> profile README fallback
nostr: kind-30078 events from default relays
bluesky: public AppView author feed
ap: WebFinger + actor JSON (alias mastodon:)
- Identical CLI surface:
kez identity new [--key-type nostr|ed25519]
kez claim create <subject> (--nsec | --ed25519-seed) [--format ...] [--out ...]
kez claim dns <domain> (--nsec | --ed25519-seed)
kez verify file <path>
kez verify id <identifier>
kez sigchain add|revoke|show|export|publish
- Sigchains: append-only signed log per primary, hash-chained per spec §6,
stored locally at ~/.kez/sigchains/, exportable as JSONL or kez:zc1: bundle.
- Sigchain publish destinations: chain server, web (file dump), DNS (zone
record print), nostr (kind-30078 wrapping event).
kez-sig-server
--------------
Optional storage tier. Axum + SQLite, single binary, no external deps.
- No auth — the cryptography is the access control. The server validates
every signature, every seq, every prev hash before storing.
- REST API: POST /v1/sigchains/{scheme}/{id}/events (append signed event,
201 with new head hash or 4xx); GET /{scheme}/{id} (full chain as JSONL);
GET /head; GET /healthz.
- Designed for one central instance for now; the design doesn't preclude
running more later (clients gain a configurable list, verifiers
reconcile per spec §6.2).
- Channel-based publishing remains the always-available fallback if the
server is unavailable.
Tests
-----
- rust/ 99 tests
- rust-sig-server/ 10 integration tests (real HTTP, real SQLite)
- nodejs/ 91 tests (vitest)
- crosstest.sh 19 cross-impl scenarios — proves JCS bytes,
Schnorr + Ed25519 sigs, all four claim encodings,
and the sigchain JSONL bundle are byte-compatible
between Rust and Node in both directions.
What's not done yet
-------------------
- verify id consulting the sigchain for revocations (data path exists,
just not wired into the verifier output).
- rotate and add_device sigchain ops (types reserved).
- expires_at enforcement during claim verification.
- Typed VerificationStatus.status reflecting the five failure modes.
- Auth-required publishers (GitHub gist, Bluesky, ActivityPub).
176 lines
5.9 KiB
Rust
176 lines
5.9 KiB
Rust
//! DNS channel: looks up `_kez.<domain>` TXT records and verifies the first
|
|
//! one whose value parses as a KEZ proof (compact or legacy form).
|
|
|
|
use std::sync::Arc;
|
|
|
|
use async_trait::async_trait;
|
|
use hickory_resolver::{Resolver, proto::rr::RData};
|
|
use kez_core::{COMPACT_PROOF_PREFIX, Identity, dns_txt_name};
|
|
|
|
use crate::{Channel, ChannelError, ChannelHit, ChannelResult, parse_and_verify_for};
|
|
|
|
/// Resolver abstraction so tests can substitute a fake. The real
|
|
/// implementation uses `hickory-resolver` against the system config.
|
|
#[async_trait]
|
|
pub trait TxtResolver: Send + Sync {
|
|
async fn lookup_txt(&self, name: &str) -> ChannelResult<Vec<String>>;
|
|
}
|
|
|
|
/// Production resolver: builds a tokio-backed hickory resolver per call.
|
|
pub struct SystemResolver;
|
|
|
|
#[async_trait]
|
|
impl TxtResolver for SystemResolver {
|
|
async fn lookup_txt(&self, name: &str) -> ChannelResult<Vec<String>> {
|
|
let resolver = Resolver::builder_tokio()
|
|
.map_err(|e| ChannelError::Unreachable(format!("resolver config: {e}")))?
|
|
.build()
|
|
.map_err(|e| ChannelError::Unreachable(format!("resolver build: {e}")))?;
|
|
let lookup = resolver
|
|
.txt_lookup(name)
|
|
.await
|
|
.map_err(|e| ChannelError::Unreachable(format!("TXT lookup {name}: {e}")))?;
|
|
|
|
let mut out = Vec::new();
|
|
for record in lookup.answers() {
|
|
let RData::TXT(txt) = &record.data else {
|
|
continue;
|
|
};
|
|
// TXT RDATA is a sequence of <=255-byte segments; concatenate them
|
|
// back into the original payload.
|
|
let value: String = txt
|
|
.txt_data
|
|
.iter()
|
|
.map(|bytes| String::from_utf8_lossy(bytes))
|
|
.collect();
|
|
out.push(value);
|
|
}
|
|
Ok(out)
|
|
}
|
|
}
|
|
|
|
#[derive(Clone)]
|
|
pub struct DnsChannel {
|
|
resolver: Arc<dyn TxtResolver>,
|
|
}
|
|
|
|
impl DnsChannel {
|
|
pub fn new() -> Self {
|
|
Self {
|
|
resolver: Arc::new(SystemResolver),
|
|
}
|
|
}
|
|
|
|
/// Inject a custom resolver (used by tests and any non-system DNS path).
|
|
pub fn with_resolver(resolver: Arc<dyn TxtResolver>) -> Self {
|
|
Self { resolver }
|
|
}
|
|
}
|
|
|
|
impl Default for DnsChannel {
|
|
fn default() -> Self {
|
|
Self::new()
|
|
}
|
|
}
|
|
|
|
#[async_trait]
|
|
impl Channel for DnsChannel {
|
|
fn system(&self) -> &'static str {
|
|
"dns"
|
|
}
|
|
|
|
async fn fetch_and_verify(&self, identity: &Identity) -> ChannelResult<ChannelHit> {
|
|
let name = dns_txt_name(identity).map_err(|e| ChannelError::Other(e.into()))?;
|
|
let records = self.resolver.lookup_txt(&name).await?;
|
|
|
|
let mut last_error: Option<ChannelError> = None;
|
|
for value in records {
|
|
if !looks_like_kez_txt(&value) {
|
|
continue;
|
|
}
|
|
match parse_and_verify_for(&value, identity) {
|
|
Ok(hit) => return Ok(hit),
|
|
Err(err) => last_error = Some(err),
|
|
}
|
|
}
|
|
|
|
Err(last_error.unwrap_or_else(|| ChannelError::NotFound(identity.clone())))
|
|
}
|
|
}
|
|
|
|
/// Pure: a TXT value looks like a KEZ proof if it starts with the compact
|
|
/// prefix (spec form) or the legacy `kez1:` prefix.
|
|
pub fn looks_like_kez_txt(value: &str) -> bool {
|
|
value.starts_with(COMPACT_PROOF_PREFIX) || value.starts_with("kez1:")
|
|
}
|
|
|
|
#[cfg(test)]
|
|
mod tests {
|
|
use super::*;
|
|
use chrono::Utc;
|
|
use kez_core::{ClaimPayload, NostrSecret, SignedClaim};
|
|
|
|
struct FakeResolver(Vec<String>);
|
|
|
|
#[async_trait]
|
|
impl TxtResolver for FakeResolver {
|
|
async fn lookup_txt(&self, _name: &str) -> ChannelResult<Vec<String>> {
|
|
Ok(self.0.clone())
|
|
}
|
|
}
|
|
|
|
fn sign_dns(subject: &str) -> SignedClaim {
|
|
let secret = NostrSecret::generate();
|
|
let primary = Identity::parse(format!("nostr:{}", secret.npub())).unwrap();
|
|
let subject = Identity::parse(subject).unwrap();
|
|
SignedClaim::sign(ClaimPayload::new(subject, primary, Utc::now()), &secret).unwrap()
|
|
}
|
|
|
|
#[test]
|
|
fn looks_like_kez_txt_accepts_both_prefixes() {
|
|
assert!(looks_like_kez_txt("kez:z1:foo"));
|
|
assert!(looks_like_kez_txt("kez1:{...}"));
|
|
assert!(!looks_like_kez_txt("v=spf1 -all"));
|
|
assert!(!looks_like_kez_txt(""));
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn no_records_yields_not_found() {
|
|
let channel = DnsChannel::with_resolver(Arc::new(FakeResolver(vec![])));
|
|
let identity = Identity::parse("dns:jason.example.com").unwrap();
|
|
let err = channel.fetch_and_verify(&identity).await.unwrap_err();
|
|
assert!(matches!(err, ChannelError::NotFound(_)));
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn ignores_non_kez_txt_then_falls_through() {
|
|
let channel = DnsChannel::with_resolver(Arc::new(FakeResolver(vec![
|
|
"v=spf1 -all".into(),
|
|
"google-site-verification=abc".into(),
|
|
])));
|
|
let identity = Identity::parse("dns:jason.example.com").unwrap();
|
|
let err = channel.fetch_and_verify(&identity).await.unwrap_err();
|
|
assert!(matches!(err, ChannelError::NotFound(_)));
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn verifies_compact_proof() {
|
|
let signed = sign_dns("dns:jason.example.com");
|
|
let compact = signed.to_compact().unwrap();
|
|
let channel = DnsChannel::with_resolver(Arc::new(FakeResolver(vec![compact])));
|
|
let identity = Identity::parse("dns:jason.example.com").unwrap();
|
|
let hit = channel.fetch_and_verify(&identity).await.unwrap();
|
|
assert_eq!(hit.proof, signed);
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn rejects_proof_for_wrong_subject() {
|
|
let signed = sign_dns("dns:mallory.example.com");
|
|
let compact = signed.to_compact().unwrap();
|
|
let channel = DnsChannel::with_resolver(Arc::new(FakeResolver(vec![compact])));
|
|
let identity = Identity::parse("dns:jason.example.com").unwrap();
|
|
let err = channel.fetch_and_verify(&identity).await.unwrap_err();
|
|
assert!(matches!(err, ChannelError::SubjectMismatch { .. }));
|
|
}
|
|
}
|