# Self Documentation

This directory contains comprehensive documentation for the Self digital identity tool.

## Documentation Structure

- [`architecture.md`](architecture.md) - System architecture and design principles
- [`authentication-flows.md`](authentication-flows.md) - Detailed authentication and registration flows
- [`server-api.md`](server-api.md) - Server API documentation and endpoints
- [`cryptography.md`](cryptography.md) - Cryptographic implementation details
- [`vault-system.md`](vault-system.md) - Vault functionality and key management
- [`openid-compliance.md`](openid-compliance.md) - OpenID Connect compliance documentation
- [`security-model.md`](security-model.md) - Security considerations and threat model
- [`deployment.md`](deployment.md) - Production deployment guidelines
- [`development.md`](development.md) - Development setup and contribution guide

## Quick Reference

### Key Concepts

- **Self-Sovereign Identity**: Users control their own identity without relying on centralized authorities
- **Client-Side Encryption**: All private keys are encrypted locally before storage
- **Decentralized Authentication**: Public key-based authentication without password dependencies
- **Vault System**: Secure storage for multiple encrypted keys with password-based access

### Core Components

- **Registration Component**: Email verification and key pair generation
- **Login Component**: Cryptographic challenge-response authentication
- **Identity Component**: Identity management and key access
- **Vault Manager**: Multi-key storage and management
- **Server**: Identity verification and OAuth-compatible endpoints

### Security Features

- AES-256-GCM encryption for private keys
- PBKDF2-based key derivation (10,000 iterations)
- Secp256k1 cryptographic signatures
- JWT-based session management
- Local storage with encrypted data only