Create BAP Identity
Create and manage BAP (Bitcoin Attestation Protocol) identities using the bsv-bap library.
Installation
bash
bun add bsv-bap @bsv/sdk
Creating an Identity
typescript
import { BAP } from "bsv-bap";
import { PrivateKey } from "@bsv/sdk";
// Create BAP instance with new key
const privateKey = PrivateKey.fromRandom();
const bap = new BAP({ rootPk: privateKey.toWif() });
// Create identity
const identity = bap.newId("Alice Smith");
console.log("Identity Key:", identity.getIdentityKey());
console.log("Root Address:", identity.rootAddress);
console.log("Signing Address:", identity.getCurrentAddress());
Key Derivation
BAP uses Type42 (BRC-42) key derivation with BRC-43 invoice numbers:
| Purpose | Invoice Number | Security Level |
|---|---|---|
| Signing key | 1-bap-identity | 1 (public protocol) |
| Friend encryption | 2-friend-{sha256(friendBapId)} | 2 (user-approved) |
Signing Messages
typescript
import { Utils } from "@bsv/sdk";
const { toArray } = Utils;
// Sign a message
const message = toArray("Hello World", "utf8");
const { address, signature } = identity.signMessage(message);
// Verify (on any BAP instance)
const isValid = bap.verifySignature("Hello World", address, signature);
Friend Encryption
Derive friend-specific encryption keys for private communication:
typescript
// Get encryption pubkey for a friend (share in friend requests)
const friendPubKey = identity.getEncryptionPublicKeyWithSeed(friendBapId);
// Encrypt data for friend
const ciphertext = identity.encryptWithSeed("secret message", friendBapId);
// Decrypt data from friend
const plaintext = identity.decryptWithSeed(ciphertext, friendBapId);
Export/Import
typescript
// Export for backup
const backup = bap.exportForBackup("My Identity");
// { ids: "...", createdAt: "...", rootPk: "..." }
// Import from backup
const bap2 = new BAP({ rootPk: backup.rootPk });
bap2.importIds(backup.ids);
CLI Option
For quick operations, the bsv-bap package includes a CLI:
bash
npm install -g bsv-bap bap create --name "Alice" # Create identity (~/.bap/identity.json) bap sign "Hello World" # Sign message bap verify "msg" "sig" "addr" # Verify signature bap info # Show identity info bap friend-pubkey <bapId> # Get friend encryption pubkey bap encrypt <data> <bapId> # Encrypt for friend bap decrypt <text> <bapId> # Decrypt from friend bap export # Export backup JSON bap import <file> # Import from backup
Next Steps
After creating an identity:
- •Sign messages for authentication
- •Share encryption pubkeys in friend requests
- •Publish identity to blockchain for on-chain reputation
- •Integrate with Sigma Identity for OAuth (
@sigma-auth/better-auth-plugin)
Related Skills
- •
key-derivation- Type42 and BRC-43 key derivation patterns - •
message-signing- BSM, BRC-77, and Sigma signing protocols - •
encrypt-decrypt-backup- bitcoin-backup CLI for .bep encrypted backups