Skip to main content
Cryptographic keys are required before you can apply for a Legal Identity or sign smart contracts and eDaler transactions. The Neuron manages key storage and signing on your behalf — you provide a password to protect each key, and include that password whenever you need the key used for signing.

Prerequisites

How keys work

The Neuron uses public key cryptography for digital signatures. When you create a key:
  1. The Neuron generates a key pair and stores the private key encrypted with your password.
  2. You receive a Key ID to reference the key in future calls.
  3. The Neuron never transmits the private key — it performs signing on your behalf when you provide the password in a request.
This means: if you lose the key password, the key cannot be used. Store it securely.

Step 1: List available algorithms

Retrieve the cryptographic algorithms supported by this Neuron: 
POST /Agent/Crypto/GetAlgorithms
Authorization: Bearer {token}
The response lists available algorithms with their security strength and whether they are considered safe curves. Choose an algorithm appropriate for your use case — for Legal Identities and contract signing, use one with a security strength of 128 or higher.

Step 2: Create a key

POST /Agent/Crypto/CreateKey
Authorization: Bearer {token}
Content-Type: application/json

{
  "localName": "MySigningKey",
  "namespace": "urn:example:myapp",
  "algorithm": "<algorithm name from GetAlgorithms>",
  "password": "<key password>"
}
The response confirms the key was created. The localName and namespace together identify the key — you will reference this key by name when signing.
The key password is not stored on the Neuron. It is only used at call time to decrypt the private key for signing. If you lose it, the key cannot be recovered.

Step 3: Retrieve the public key

You can retrieve the public key at any time — for example, to share it with parties who need to verify your signatures, or to retrieve the Neuron’s own server public key: 
POST /Agent/Crypto/GetPublicKey
Authorization: Bearer {token}
Content-Type: application/json

{
  "localName": "MySigningKey",
  "namespace": "urn:example:myapp"
}
Leave localName and namespace empty to retrieve the Neuron’s own public key instead.

Key naming conventions

Keys are identified by a localName and namespace pair. Use a consistent namespace tied to your application to avoid collisions, for example: 
localName: "identity-key"
namespace: "urn:mycompany:myapp:1.0"

Next steps