NeuClear ID aims to simplify the development of applications that require digital signatures. We have created a new PKI that is vastly simplified and based on common, easy to understand standards such as HTTP, XML and HTML. Very few people completely understand X.509 and all its associated alphabet soup. In reality, application developers have preferred to stay away from that area and live without PKI because of the complexity. We have aimed to cut the complexity and use simple technology that developers already understand.
The basic rule of the PKI in NeuClear ID is that any signed XML document counts as a Signed Object as long as it carries an “Enveloped Signature” and embeds its public key.
Key Management or not???
There are many complex key management protocols out there, but let's be honest: who understands them all, and how many have actually implemented them for more than just internal applications? NeuClear ID skips that whole process by requiring that the public key be shipped along with every message. In most cases this is not a lot of extra bulk (my 1024-bit RSA public key takes up exactly 323 bytes in XML).
This basically means that any NeuClear Transaction can be verified immediately, without any long, boring key management code.
Object Identity
The ID of every object within NeuClear ID is the Base32 encoded SHA1 digest of its canonicalized form. Wow, that's a big mouthful, but what it means is that every object has a 32 character ID that is calculated from its content and not created by an external authority. NeuClear Messages do not have an ID field; the message as a whole determines its ID.
Who’s who?
Every public key has a unique ID, generated similarly to the object identity: it is the Base32 encoded SHA1 of the encoded public key. In a payment application you could say:
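As an added illustration of the two ID rules above (object identity and key identity), here is a small Python script that is not part of NeuClear and uses no NeuClear code. It assumes XML canonicalization means the stdlib's C14N 2.0 implementation (the post only says “canonicalized form”), and it uses constructed sample documents and a constructed byte string standing in for an encoded public key. The last function also shows the check a relying party has to make when a key travels inside the message: the embedded key only proves the message verifies against itself, so its ID must be compared with the key ID the payer or payee already trusts.

```python
import base64
import hashlib
from xml.etree import ElementTree as ET


def neuclear_id(data: bytes) -> str:
    """Base32-encoded SHA1 of the bytes: 160 bits encode to exactly 32 characters, no padding.
    Lower-cased to match the style of the key ID quoted in the post."""
    digest = hashlib.sha1(data).digest()
    return base64.b32encode(digest).decode("ascii").lower()


def canonical_xml(xml_text: str) -> bytes:
    """ASSUMPTION: canonicalize with the stdlib C14N 2.0 implementation (Python 3.8+).
    It sorts attributes and normalizes tag whitespace, so equivalent serializations
    produce identical bytes and therefore identical IDs."""
    return ET.canonicalize(xml_data=xml_text).encode("utf-8")


def object_id(xml_text: str) -> str:
    """Object identity: the object has no ID field; its canonical content is hashed."""
    return neuclear_id(canonical_xml(xml_text))


def key_id(encoded_public_key: bytes) -> str:
    """Key identity: the same construction applied to the encoded public key."""
    return neuclear_id(encoded_public_key)


def key_matches_identity(embedded_key: bytes, expected_key_id: str) -> bool:
    """A message that ships its own key verifies against *that* key whoever built it.
    Binding the message to a known signer means comparing the embedded key's ID with
    the key ID the relying party already holds (for example from an identity descriptor)."""
    return key_id(embedded_key) == expected_key_id.lower()


# Constructed sample documents; not NeuClear's real message schema.
DOC_A = '<pay to="alice" amount="100"><memo>rent</memo></pay>'
DOC_B = '<pay amount="100"   to="alice"><memo>rent</memo></pay>'  # same content, different serialization
DOC_C = '<pay to="alice" amount="101"><memo>rent</memo></pay>'    # one digit changed

# Constructed stand-in for an encoded public key; not a real key.
SAMPLE_KEY = b"-- constructed placeholder for an encoded RSA public key --"

if __name__ == "__main__":
    print("DOC_A:", object_id(DOC_A))
    print("DOC_B:", object_id(DOC_B), "(equal to DOC_A)")
    print("DOC_C:", object_id(DOC_C), "(differs)")
    print("key:  ", key_id(SAMPLE_KEY))
```

Running it shows DOC_A and DOC_B collapsing to the same 32-character ID while DOC_C gets a different one, which is the property that lets a message serve as its own identifier.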
Pay “sfjaenowpzytkls4wtqdqhks7k55obbc” $100
However, I could also create an Identity descriptor in HTML. See http://talk.org/pelletest.html for an example.
This descriptor is both human and machine readable. I can put little hints into it about various things, but the key part is the signature, which includes my public key. I can actually tell a NeuClear Payment Server to do the following:
Pay “http://talk.org/pelletest.html” $100
Try it yourself at our new (absolutely beta) NeuClear payment server, NeuClear Bux.
In the future these identity html files can include FOAF notation to build up your own web of trust managed PKI.
What about CAs?
I'm sorry, but in most cases it's highly irrelevant what CAs certify. We leave the CAs out of the equation. A bank may need to know my address for legal reasons, but if I am buying an electronic download, do they really need to verify who I am, or do they only need to verify that the person who paid is the person who gets the download?
Coding
Programming is very simple. See the Busy Developer's Guide for a simple overview. To give a quick example of making a payment, I've included the snippet below:
```java
// Resolve the Asset descriptor (an extended identity descriptor) of the asset being transferred.
Asset asset = (Asset) Resolver.resolveIdentity("http://bux.neuclear.org/bux.html");
// A Signer backed by a Swing-based agent that supplies the signing key.
DefaultSigner signer = new DefaultSigner(new SwingAgent());
// Build the still-unsigned transfer order: asset, recipient identity URL, amount, comment.
// `amount` is assumed to be defined by the surrounding code.
Builder builder = new TransferOrderBuilder(asset, "http://talk.org/pelletest.html", new Amount(amount), "transfer by code");
// Sign it, producing a signed XML object that embeds the signer's public key.
SignedNamedObject obj = builder.convert(signer);
// Send it to the Asset's web service, which answers with a receipt.
TransferReceipt receipt = (TransferReceipt) asset.service(obj);
```
What the above does is first resolve an Asset descriptor, which is basically a more advanced version of the Identity descriptor I talked about earlier. It then creates a Signer (see this post for more), creates an unsigned business object (XML behind the scenes), signs it and sends it to the Asset's web service, which sends back a Receipt.
This entry was posted in the following Categories: Crypto & Security