I store my profile.json in a gist (https://gist.github.com/vbrandl/cd0c98363eebc474b535bb4e44574a23) and put https://gist.githubusercontent.com/vbrandl/cd0c98363eebc474b535bb4e44574a23/raw in my zonefile.
Which private key from my wallet do I need to use to generate my profile.json? I tried every owner key I found but I wasn’t able to verify that it worked using blockstack lookup vbrandl.id.
When setting the debug environment variable I get the following errors when looking up my id:
Failed to verify with public key hash '3JKZyQ9NFLrNhTMa2xoGp47xTzHfYaaFu7' ('1HdZ3revhSXzcHf8us8gPRm2KTzx2YiS8N')
...
Unparseable data from 'https://gist.githubusercontent.com/vbrandl/cd0c98363eebc474b535bb4e44574a23/raw'
The library needs a private owner key to sign the data.
Yes, but it’s not one of the ones you used.
Modern wallets have three private key information bundles: owner_privkey, payment_privkey, and data_privkey. The key you want to use to sign your profile is the (single) data_privkey private key.
The owner_privkey is used to execute name operations on the blockchain (registrations, updates, transfers, etc). The payment_privkey is used to pay for those operations. The data_privkey is used to sign any data associated with your name (like profile.json files). You can tell that it’s the data key because its public key will be present in your zonefile as a TXT record.
Assuming you want your profile.json to follow our Person schema [1], the JSON you want will be in your gist’s claim property. The JSON you uploaded is a decoded JWT that contains a Person object.
When setting the debug environment variable I get the following errors when looking up my id:
Blockstack verifies your profile in the following way:
1. look up the zonefile
2. If the zonefile does NOT have a public key, then go to 6
3. get the zonefile’s public key
4. decode the profile.json
5. use the zonefile public key to verify it. If authentic, then success! otherwise abort.
6. decode the profile.json as a JWT, and extract the public key
7. verify the profile.json with the public key
8. verify that the public key’s address is the same as the name’s owner key. If authentic, then success! otherwise abort.
The check in step 2 is needed because names registered via onename.com do not have data public keys (since there’s no way for us to give them to the owner without also learning the private key). As a work-around, these names’ profiles will be signed by the owner key. Version 0.14.1 of the client (not yet released) will include a way to automatically generate data private keys and update the zonefiles for names transferred out of onename.com.
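The verification order described in the answer above, as an added example (not Blockstack's own code and not part of the original posts). The TXT record layout, the sample zonefile, and the three callables `jwt_verify`, `jwt_pubkey` and `address_of` are assumptions standing in for the real JWT and address code.

```python
import re
from typing import Optional

class ProfileRejected(Exception):
    """Verification ended in one of the procedure's 'abort' outcomes."""

# Assumed zonefile layout (not shown on the page): the data key is a TXT
# record whose value looks like "pubkey:data:<hex public key>".
_DATA_KEY_TXT = re.compile(r'^\S+\s+TXT\s+"pubkey:data:([0-9a-fA-F]+)"\s*$', re.M)

# Constructed sample zonefile; the name, key and URL are placeholders.
SAMPLE_ZONEFILE = (
    "$ORIGIN example.id\n"
    "$TTL 3600\n"
    'pubkey TXT "pubkey:data:04AB"\n'
    '_file URI 10 1 "https://example.invalid/profile.json"\n'
)

def zonefile_data_pubkey(zonefile: str) -> Optional[str]:
    """Steps 1-3: return the data public key from the zonefile, or None."""
    match = _DATA_KEY_TXT.search(zonefile)
    return match.group(1).lower() if match else None

def verify_profile(zonefile, token, owner_address, jwt_verify, jwt_pubkey, address_of):
    """Return which key authenticated the profile, or raise ProfileRejected.

    jwt_verify(token, pubkey) -> bool, jwt_pubkey(token) -> str and
    address_of(pubkey) -> str are hypothetical callables supplied by the caller.
    """
    data_pubkey = zonefile_data_pubkey(zonefile)
    if data_pubkey is not None:
        # Steps 4-5: a zonefile key is authoritative. There is no fallback to
        # the owner key, so an owner-key signature is rejected on this path.
        if not jwt_verify(token, data_pubkey):
            raise ProfileRejected("profile is not signed by the zonefile data key")
        return "data key"
    # Steps 6-8: no zonefile key, so accept the key carried in the JWT only if
    # it verifies the token AND hashes to the address that owns the name.
    embedded = jwt_pubkey(token)
    if not jwt_verify(token, embedded):
        raise ProfileRejected("signature does not match the key in the JWT")
    if address_of(embedded) != owner_address:
        raise ProfileRejected("JWT key does not belong to the name owner")
    return "owner key"
```

The fail-closed branch for a zonefile that carries a data key is what produces a "Failed to verify" result when the profile was signed with an owner key.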