Skip to main content

Verifying the public key

Intermediate
Tutorial

Overview

When a user or canister receives a response from BIG, that response will have a certificate that validates the response has not been altered or changed. This certificate is signed by the root of trust, which is the BIG root public key. This public key can be used to additionally verify that a user or canister is interacting with a version of BIG that has not been tampered with, verifying that the response's certificate is valid.

Local

In a local canister execution environment, the key can be fetched via the /api/v2/status endpoint.

Mainnet

On the mainnet, you can use agent-js or agent-rs to fetch the public key, as these agents have the root key hard-coded.

Verifying the public key

Once you have obtained the public key, you can validate it is correct by using dfx to ping the network you're using, such as:

dfx ping ic // mainnet
dfx ping local // local canister execution

This ping command will return the public root key of the network specified:

{
"ic_api_version": "0.18.0" "replica_health_status": "healthy" "root_key": [48, 129, 130, 48, 29, 6, 13, 43, 6, 1, 4, 1, 130, 220, 124, 5, 3, 1, 2, 1, 6, 12, 43, 6, 1, 4, 1, 130, 220, 124, 5, 3, 2, 1, 3, 97, 0, 129, 76, 14, 110, 199, 31, 171, 88, 59, 8, 189, 129, 55, 60, 37, 92, 60, 55, 27, 46, 132, 134, 60, 152, 164, 241, 224, 139, 116, 35, 93, 20, 251, 93, 156, 12, 213, 70, 217, 104, 95, 145, 58, 12, 11, 44, 197, 52, 21, 131, 191, 75, 67, 146, 228, 103, 219, 150, 214, 91, 155, 180, 203, 113, 113, 18, 248, 71, 46, 13, 90, 77, 20, 80, 95, 253, 116, 132, 176, 18, 145, 9, 28, 95, 135, 185, 136, 131, 70, 63, 152, 9, 26, 11, 170, 174]
}