What is Woleet.ID Server?

Woleet.ID Server is an open source web app that you host inside your organization's IT system (it can also be hosted by Woleet).

Woleet.ID Server lets you manage the identities and the signature keys associated with your organization's users and seals, and sign data with these identities through its signature API.

Identities consist of identification information (e.g. name, email address, organization) and are associated with one or more signature keys (which are bitcoin key pairs created by the server). In short, Woleet.ID Server links bitcoin addresses to identification information and makes it possible to verify that a given bitcoin address is associated with a given identity.

User Interface

The user interface of Woleet.ID Server Edition is restricted to administrators. It allows them to:

  • Create a user and set their personal identity data.
  • Create a bitcoin address/key pair for a user.
  • Configure API tokens that grant access to the Woleet.ID Server API.

API

The API exposed by Woleet.ID Server is documented as a Swagger/OpenAPI specification.
You can access the documentation here.

It provides:

  • A set of endpoints (dedicated to the client web app) for managing users, keys, server events, and server configuration.
  • A /sign endpoint that lets authenticated users sign data using their bitcoin address (key pair). It can also be used to sign on behalf of users, provided that the caller supplies a suitable API token.
  • An /identity endpoint (also called "Identity URL") that lets third parties verify that your company actually owns a given bitcoin address (key pair) and retrieve the personal identity data linked to this bitcoin address.

Security

Woleet.ID Server Edition is designed to protect the confidentiality and the integrity of bitcoin private keys, even if the hosting server is rooted. Private keys are always encrypted in the database using an encryption key that the administrator must provide each time the server starts. Key management functions are isolated inside a secure module that prevents private key values from being read by scanning the process memory.
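
The at-rest part of this design can be sketched as follows. This is an added example, not code from Woleet.ID Server: it shows a key-encryption key derived from a secret supplied at startup, so that a stored record cannot be opened with the wrong secret, after modification, or after being moved to another key id. The primitives (scrypt, AES-256-GCM) and all function and field names are assumptions, since the page does not say which are used.

```javascript
// Added illustration, not Woleet.ID Server code. scrypt + AES-256-GCM and all
// names below are assumptions; the page does not say which primitives are used.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Derive the key-encryption key (KEK) from the secret the administrator enters
// at startup. Only the salt is stored; the KEK exists in process memory only.
function unlock(adminSecret, salt) {
  return scryptSync(adminSecret, salt, 32);
}

// Encrypt one private key for storage. The key id is bound as AAD so a record
// cannot be copied onto another row without failing authentication.
function sealKey(kek, keyId, privateKey) {
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', kek, iv);
  cipher.setAAD(Buffer.from(keyId));
  const ct = Buffer.concat([cipher.update(privateKey), cipher.final()]);
  return { keyId, iv, ct, tag: cipher.getAuthTag() };
}

// Decrypt a stored record; throws if the secret is wrong or the row was altered.
function openKey(kek, row) {
  const decipher = createDecipheriv('aes-256-gcm', kek, row.iv);
  decipher.setAAD(Buffer.from(row.keyId));
  decipher.setAuthTag(row.tag);
  return Buffer.concat([decipher.update(row.ct), decipher.final()]);
}

// True when opening the row fails, i.e. the protection held.
function rejects(kek, row) {
  try { openKey(kek, row); return false; } catch (e) { return true; }
}

// Constructed sample data: random bytes stand in for a real signing key.
function demo() {
  const salt = randomBytes(16);
  const kek = unlock('constructed admin secret', salt);
  const priv = randomBytes(32);
  const row = sealKey(kek, 'key-1', priv);
  const tampered = { ...row, ct: Buffer.from(row.ct) };
  tampered.ct[0] ^= 1; // flip one ciphertext bit, as a database edit would
  return {
    roundTrip: openKey(kek, row).equals(priv),
    wrongSecretRejected: rejects(unlock('wrong secret', salt), row),
    tamperRejected: rejects(kek, tampered),
    swappedRowRejected: rejects(kek, { ...row, keyId: 'key-2' }),
  };
}
console.log(demo());
```

This models only the database-at-rest property; the memory isolation provided by the secure module is a separate mechanism and is not represented here.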

If there is any suspicion regarding a private key, it can be suspended and later resumed via the user interface. API tokens and users can be suspended and resumed in the same way.

Finally, any modification of the database managed by Woleet.ID Server is logged and can be inspected.