From couple of days, i have been looking into IPNS and key authentication and learned that IPNS provide a way to create and authenticate filesystem by using key on IPFS node but from user point of view, it’s not secure for user to create or send his key over the network to modify his filesystem so Is there any way for user to generate signature with data and then send over IPFS network for authentication?
I can create client side application that generate signature with data but is there any interface for signature authentication and after that publish data over the IPFS node?
Sorry for bad english.
What is the real use case?
Probably you want to use a different kind of authentication, and rely on IPFS just for storage.
You might want to look into Ethereum dApps and how they manage authentication
But maybe the use case is very very different and needs to reimplement the wheel.
I want for users to have a separate and authenticated file system on IPNS using their own namespace where they can modify or create new filesystem using their key but give only signature while publishing data.
I know how ethereum work but blockchain is a single merkle DAG and use for only transaction not storage while on IPFS, you can create your own separate DAG but it’s not authenticated, I guess because anyone who have access to IPFS node can add any object in the DAG if i’m not wrong?
IPFS provide authentication using IPNS but key stored on IPFS node, whoever access to the IPFS node can get the key from that node. For using on multiple IPFS node, I have to stored the key on every IPFS node. Is should be way to accept only signature with data for authenticate that could work on any IPFS node on network.
We (Peergos) asked for that in 2016 (https://github.com/ipfs/notes/issues/117). It would be a great addition based of the principle of least authority. A prerequisite is agreeing a multikey format for public keys: (https://github.com/ipfs/specs/issues/58) We’ve since worked around it, but we’d still like it as a backup for our IPNS replacement.
It sounds like you might be interested in Peergos.
Nice! I love how you done it. I want similar functionality in my project that could work with blockchain so i have a question how you’re achieving authorization in your project?
Sorry, only just saw this response. The high level summary is we are capability based, and the owner of a file can revoke capabilities to users (by rotating the keys). You can read more about this here:
https://book.peergos.org/security/cryptree.html
and here:
https://book.peergos.org/security/login.html