Usage of the pubkey field in the resolver


While trying to improve our protocol design, we considered using the ENS as a store for user’s metadata. I think other projects might face the same situation so I think it would be beneficial to discuss the topic:

At iExec we want users to be able to encrypt the results of their tasks. For that we need a public key … which for now we store offchain in a key-value store. We are considering using the pubkey entry of the resolver, or a slot the the text entry. This would mean all users will need a (reverse registered) name … but we think it’s better than needing an ERC725 compatible proxy.

So our questions are:

  • Is anyone using the pubkey field in production ?
  • Should that be reserved to ethereum (secp256k1) public keys or would it make sens to place an RSA key there ?
  • Is there any argument against using ethereum keypair for encryption (in addition to signatures) ?

We added it for Whisper, but I don’t think they’re using it in production right now.

It’s only two uints, so it will only accommodate a 256 bit ECDSA key. For compatibility, it should be restricted to secp256k1.

IANAC, but I don’t think there’s an intrinsic risk to it.

1 Like

Another question you might help with: Do wallet provide a “decrypt” primitive ?

If the app has access to the private key (keyfile / mnemonic) then it can do anything with it … but most likely the key will be abstracted (metamask / ledger / …) In which case you need the abstraction to provide a decryption mechanism … I guess this is a question for the EthMagicians

Not as a rule, no.

One approach that would work is to generate a keypair you use for encryption, and sign the keypair with your main one. Then you can publish the signature to the chain (in ENS, even).