Managing Signing Keys

This page explains how to manage keys used for signing and verifying MDS files.

Overview

MDS files saved in MIDAS are digitally signed. Digital signatures enable verification of the file creator and detection of tampering.

Whether to trust an MDS file depends on the signer's trust level. There are three trust levels:

Trust Level    Description
Official       Signed by MIDAS operator's key
Trusted        Signed by your own key (self-signed) or a registered public key
Unknown        Signed by an unregistered signer

Key pairs (a private key and public key) are stored in the browser's IndexedDB. Signing keys are managed in the Signing Keys tab of the Settings dialog. Select Help > Settings from the menu bar, then click the Signing Keys tab.

Signing Keys tab

Managing Your Key Pair

Generate a New Key

When you save or export an MDS file for the first time, a key pair is automatically generated (the signer name defaults to "Anonymous"). To generate one manually, click the Generate New Key button in the Signing Keys tab. If a key pair already exists, this button is disabled; to generate a new key, first delete the existing one.

Enter a signer name in the dialog. This name is included in the signature and displayed when other users open the file.

Export Your Public Key

To share your public key with other users, click the Export Public Key button. A JSON file will be downloaded.

Give this file to the people you want to share MDS files with, so that they can verify that you are indeed the author of the MDS files when they open them.

Back Up Your Key Pair

To migrate your key pair to another browser or device, create a backup.

  1. Click the Backup Key Pair button
  2. Enter a password (required for restoration)
  3. Re-enter the password to confirm
  4. Click the Export button

The backup file is encrypted with the password. Store it in a safe place and remember the password: you cannot restore the backup if you forget the password.

Restore from Backup

To restore a key pair from backup, click the Import Key Pair button.

  1. Select the backup file (.json)
  2. Enter the password set during backup
  3. Click the Import button

If a key pair already exists, it will be overwritten.

Change Signer Name

Click the Edit button next to the name in the My Signing Key section to change the signer name.

Delete Key Pair

Click the Delete Key button to delete the key pair. This cannot be undone. If you generate a new key after deletion, it will have a different fingerprint from the one in your previous signatures.

Registering Others' Public Keys

By registering a public key received from another user, you can treat that user's signatures as trusted.

Import a Public Key

  1. Click the Import Public Key button in the Trusted Keys section
  2. Select the public key file (.json)
  3. Verify the fingerprint
  4. Enter a name for identification
  5. Click the Register button

Register Trusted Key dialog

The fingerprint is a unique identifier calculated from the public key. When receiving a public key, we recommend verifying the fingerprint through a separate channel (email, chat, etc.).

Edit Registered Key Name

Click a key in the Registered keys list to view details. Click the Edit button to change the name.

Delete Registered Key

Click the Remove button in the Registered keys list to unregister. After removal, signatures from that key will be treated as Unknown.

About Official Keys

The Official section in Trusted Keys displays the MIDAS operator's keys. Signatures from official keys are always treated as trusted.

Official keys cannot be edited or deleted.

Opening MDS from Unknown Signers

By default, MIDAS opens MDS files with unknown signatures without showing a confirmation dialog. The signature badge in the top-right of the menu bar shows the trust level of the current project; click the badge to see the full fingerprint and optionally register the signer as trusted. See Signature badge and trust levels for details.

Recommended: Before receiving MDS files from a collaborator, ask them for their public key and register it as trusted. Then all files signed with that key open as Trusted without further action.

Strict mode: confirmation dialog for unknown signatures

If you regularly receive MDS files from untrusted sources, enable Require confirmation for unknown signers under Settings > Security. With strict mode on, a confirmation dialog appears every time you open an MDS file signed with an unknown key.

The dialog displays the signer's self-declared name and fingerprint, and offers three choices:

  • Cancel: Close the dialog without opening the file
  • Trust this signer and open: Enter a name for the signer, register their key as trusted, and open the file in the same step
  • Open Anyway: Open the file once without registering the key

Note: The signer's name is self-declared. To verify that a key really belongs to the stated owner, contact them through a separate channel and compare fingerprints. When receiving MDS files for the first time, we recommend asking for the public key as well.

When Signature Verification Fails

If the file content was modified after signing, or if the file was corrupted during transfer, signature integrity verification fails. MDS files that fail integrity verification cannot be opened. Ask the sender to resend the file.
