Process: Create a Connection between Identity Owners - Quintor/StudyBits GitHub Wiki

This process explains how two Identity Owners (IO1 and IO2) are creating a connection.

IO1 creates a new wallet, W1
IO1 creates a new DID (DID1) and Verification Key (VerKey1) from IO1 seed
IO1 stores DID1 and VerKey1 in W1
1. The DID creation and storing is done with did.create_and_store_my_did
IO1 creates creates a ConnectionRequest (ConReq), which is a HashMap with keys: did and nonce.
1. did is the newly created DID1
2. nonce is a cryptographically ensured random number
IO1 sends the ConReq to the Indy Ledger together with VerKey1
1. Request is built with Legder.buildNymRequest
2. Request is signed and submitted with Legder.signAndSubmitRequest
IO1 sends the ConReq to IO2 off-chain

IO2 receives the ConnectionRequest (ConReq-R) from IO1 off-chain
IO2 creates a new wallet, W2
IO2 creates a new DID (DID2) and Verification Key (VerKey2) from IO2 seed
IO2 stores DID2 and VerKey2 in W2
IO2 retrieves the ConnectionRequest (ConReq-L) with the DID of ConReq-R from the Indy Legder
IO2 retrieves the VerKey1 for ConReq-L from the Ledger
IO2 creates a ConnectionResponse, which is a HashMap with keys: did, verkey, and nonce
1. did is the DID1 from ConReq-R.
2. verkey is the Verkey1 for ConReq-L
3. nonce is the Nonce retrieved from the ConReq-L
IO2 sends the ConnectionResponse to IO1 using Crypto.anonCrypt
IO2 receives a EncryptedResponse as return value from the last step.
IO2 decrypts the EncryptedResponse using Crypto.anonDecrypt
IO2 checks that the Nonce in EncryptedResponse is equal to Nonce in ConReq-R
1. If yes,
  1. IO2 sends a ConnectionResponse with to the Ledger with
    1. The VerKey1 received for ConReq-L
    2. The DID2 of W2
    3. The VerKey2 newly created for W2
  2. IO2 sends a ConnectionResponse to IO1 off-chain with the same data.
2. If no, IO2 doesn't send the connection response.