Welcome to Vereign. We are on the journey to building the first hardened self-sovereign identity and personal data store that answers to the user and is going to be useful from day one. Our first application for the Vereign identity are email and documents. We made this choice because both are essential to professional and private users alike. Email connects almost four billion people. It is one of the original use cases of the internet. But it has become riddled with malware, spam, scam, identity theft and impersonation attacks. Enough is enough.
Simplicity and usability are the keys to any solution that should be used by so many people. There may be a lot of technical complexity in the solution itself. But to the user the solution should feel simple, obvious and natural. So for our public beta we limited the number of features to expose, and rather start with a small, useful set – to be improved and expanded. Our goal is the smallest number of features and options that does the most useful job for the largest number of people.
Starting out
We are starting out with Gmail as the world’s largest email provider. Our first application available for testing is the Vereign Beta for Gmail extension for Google Chrome to be used on your desktop. You can download it from the Chrome Web Store. In order to use it, you will need your Vereign identity stored in your browser. This happens automatically when you sign up to the dashboard with the browser in which you installed the extension.
The dashboard application is available at app.vereign.com and allows you to manage your first personal Vereign identity. It supports name, address, birth date, social media as well as phone and email for communication. Phone and email can be verified automatically by means of a confirmation code. In the future, all parts of an identity can be confirmed by a number of means – hardening the identity for a variety of use cases.
Once you have the extension installed and identity set up, you are good to go. In the Gmail web interface the extension will add the Vereign bar to the top of the window. If turned on, each email sent will be identity verified, digitally signed and archived.
Profiles
The Vereign bar also allows choosing the profile to send with. Profiles are a novel concept which you can think of as a window into your identity that contains only the information you want to share. Each interaction, such as sending an email or signing a document, is conducted via a profile. Choosing the appropriate profile controls how much and which parts of your identity are confirmed as part of the interaction.
So typically you would create profiles for specific activities, types of interactions, or groups of people. An example would be a profile for travel, a profile for banking and financial, a profile for close friends, a profile for social media, or a profile for online shopping. Each of these situations will likely require different kinds of details of your identity. The system creates three default profiles during sign-up, which you can modify at will, and you can create any number of additional profiles as required.
Talking tech – what happens in the background
The concept of profiles is an intuitive, implicit way of having users manage their cryptographic keys. Any profile has its own, unique set of keys, including unique sets of keys on each device and Vereign uses one-time keys for each individual message and interaction, which is tied to the profile used. Because the profile is tied to a root identity, the keys establish a strong link to the identity of the person behind the identity without revealing anything more than required.
So when you send that message in Gmail, what actually happens is: the system generates a unique key for this message, associates it with the chosen profile key, inserts the identity header or footer as required, signs the mail in the S/MIME standard, archives it in your dashboard, and sends it off via Gmail.
In case you want to dig deeper, our white paper would be a good place to start.
What’s next
Sending signed email using multiple transactional identities has never been easier. And for the first time it is now possible to get verification of the identity of the sender as part of the message. That is where we are starting with this beta. Further features will be added step by step and we will also release the modules for Roundcube and the integration into LibreOffice is making good progress. More integrations are welcome.
What we would like you to do is help us understand whether you find the system easy enough to use, whether there is something that confused you, or whether you have an idea for what can be improved. Adding complexity will happen naturally as the solution matures. But what we would really like to learn: Can we make it simpler?
There is a feedback system built into the dashboard. And of course there is this forum.
Let’s use it – and thank you for being part of this journey.
Further reading
For an introduction into key based authentication and how to get started, The key in your pocket might be a good next read.