Self - Sovereign Entity Local Framework

A peer-to-peer identity solution providing self-sovereign identity management tools and widgets. Built with Yew WASM for client-side functionality and Rust backend for email verification.

Architecture

• Components: Reusable Yew components for identity management (registration, login, etc.)
• App: Reference implementation using the components
• Server: Backend for email verification and registration endpoints

Features

Registration Component

• Identity Collection: Name and email input with validation
• Email Verification: Server-sent events for real-time verification status
• Private Key Generation: Secure secp256k1 key pair generation
• Client-side Encryption: AES-256-GCM encryption of private keys with user password
• Key Confirmation: Requires user to copy and paste private key to confirm backup
• Single-page Flow: Progressive multi-step form without page navigation

Security Features

• Private keys generated and encrypted entirely client-side
• Password-based key derivation with salt and key stretching
• Secure key confirmation process prevents accidental loss
• No private keys transmitted to server

Quick Start

Prerequisites

• Rust (latest stable)
• trunk for WASM building: cargo install trunk
• wasm32-unknown-unknown target: rustup target add wasm32-unknown-unknown

Running the Application

1. Start the backend server:

   cd server
   # Default port (8080)
   cargo run
   
   # Custom port
   cargo run -- --port 9001
   

2. Start the frontend app:

   cd app
   # Default configuration (server: localhost:8080, port: 8000)
   ./serve.sh
   
   # Custom server URL
   ./serve.sh --server-url http://localhost:9001
   
   # Custom frontend port
   ./serve.sh --port 8001
   
   # Both custom server and port
   ./serve.sh --server-url http://localhost:9001 --port 8001
   
   # Using environment variables
   SELF_SERVER_URL=http://localhost:9001 ./serve.sh
   

3. Open your browser to the displayed frontend URL

Email Verification Flow

1. Enter name and email, proceed to verification step
2. Click "Send Verification" - check server console for verification link
3. Click the verification link in a new tab
4. The registration form will automatically update when verified
5. Continue with key generation

Key Generation Flow

1. Click "Generate Keys" to create a new key pair
2. Enter and confirm an encryption password (minimum 8 characters)
3. Copy the private key using the "Copy" button
4. Proceed to confirmation step
5. Paste the private key to confirm you saved it
6. Complete registration

Development

Project Structure

self/
├── components/          # Reusable Yew components
│   ├── src/
│   │   ├── registration.rs  # Main registration component
│   │   ├── crypto.rs       # Cryptographic utilities
│   │   └── lib.rs         # Component exports
│   └── Cargo.toml
├── app/                # Reference application
│   ├── src/lib.rs      # App implementation
│   ├── index.html      # HTML template with Bootstrap
│   ├── Trunk.toml      # Trunk configuration
│   └── Cargo.toml
├── server/             # Backend server
│   ├── src/main.rs     # Axum server with SSE support
│   └── Cargo.toml
└── Cargo.toml          # Workspace configuration

Using the Registration Component

use self_components::{Registration, RegistrationConfig};

let config = RegistrationConfig {
    server_url: "http://localhost:8080".to_string(),
    app_name: "My App".to_string(),
};

let on_complete = Callback::from(|(email, public_key): (String, String)| {
    // Handle successful registration
    console::log!("User registered: {} with key: {}", email, public_key);
});

html! {
    <Registration 
        config={config}
        on_complete={on_complete}
    />
}

API Endpoints

• POST /api/send-verification - Send email verification
• GET /api/verification-status/{email} - SSE stream for verification status
• GET /api/verify/{token} - Email verification callback
• POST /api/register - Complete user registration
• GET /health - Health check

Configuration Options

Backend Server:

• Command line: cargo run -- --port 9001
• Default port: 8080

Frontend App:

• Command line: ./serve.sh --server-url http://localhost:9001 --port 8001
• Environment variables: SELF_SERVER_URL, SELF_PORT
• Defaults: server http://localhost:8080, port 8000

Registration Component: The registration component accepts a RegistrationConfig with:

• server_url: Backend server URL (configured via build-time environment variable)
• app_name: Application name for branding

The component emits completion events with (email, public_key) tuple for integration with your application.

Security Considerations

• Private keys are generated using cryptographically secure random number generation
• Keys are encrypted client-side before any storage
• Password-based key derivation uses PBKDF2-like key stretching
• No sensitive data is transmitted to the server except public keys
• Email verification prevents unauthorized registrations

Production Deployment

For production use:

1. Replace mock email sending in server with actual SMTP integration
2. Add database storage for user data and verification states
3. Implement proper secp256k1 key generation (current implementation is simplified)
4. Add rate limiting for verification requests
5. Use HTTPS for all communications
6. Configure CORS appropriately for your domain

License

This project is part of the Hero Code ecosystem for decentralized identity management.