IdentiKey
Identity Systems
Decentralized identity and data sovereignty infrastructure using dCypher proxy re-encryption (recryption) technology to enable user-controlled encrypted cloud storage and sharing. Provides self-sovereign identity with persona management, a cross-account attestation-based social graph and trust/reputation network, self-sovereign single sign-on, blockchain-agnostic wallet functionality, and verifiable data publishing — all with user-custodied private keys and without trusting central intermediaries.
Hybrid Community Low capture risk
Details
License: Open source
Dev Status: Released
Owner: Duke Jones / Sovereign Technologies (duke@worldtree.io); IdentiKey project (identikey.io)
Country: USA
Start Year: 2017
Funding: Grant, Foundation
Last Investigated: Mar 10, 2026
Identity System / Design Attributes
Authentication & Identity: Self-sovereign identity with user-generated cryptographic keypairs; multiple personas per user (each persona is a signed DID with self-attested metadata that can be pseudonymous or linked to legal identity); self-sovereign single sign-on via private key authentication integrated with popular web frameworks; persona switching with protections against correlatable data leakage across personas
Storage Model: Encrypted cloud storage via dCypher proxy (user-controlled keys; storage provider never sees plaintext even if hacked); verifiable data registry using content-based addressing (hash-referenced, self-verifying); supports existing cloud providers (iCloud, Google Drive)
Interoperability: Works with existing cloud storage providers via dCypher proxy integration; blockchain-agnostic wallet functionality (per-blockchain plugins); planned integrations with popular web frameworks for Web2 self-authentication; interoperable data ecosystems with user-controlled read/write permissions to third-party applications
Data Portability: Full portability (user owns encryption keys; data can move between services; content-addressed storage allows data to be stored in any compatible service)
Governance & Decision Making: Individual/project-led (Duke Jones / Sovereign Technologies)
Identity Standards: Self-sovereign identity (SSI) principles; W3C DID (account-published DIDs); Zero-Knowledge Proofs (ZKPs) for anonymized authoritative attestation verification
DID Methods Supported: Account-published DIDs (self-signed DID documents; specific DID method TBD)
Key Management: User-custodied private keys stored on-device using secure local storage and device-specific secure enclaves; wallet keys separable from account keys and attachable to different personas; MPC-based multisig without smart contracts for shared account management
Credential Types: Self-attested metadata (cleartext or encrypted with selective disclosure); cross-account attestations (directed graph between accounts); authoritative attestations (KYC-style, can be anonymized via ZKP); attestation schemas with morphisms across compatible schemas
Verification Method: Cryptographic signature verification (data signed by author keys for provenance and authenticity); content-hash self-verification for data integrity; ZKP for anonymous proof of authoritative attestations
Privacy Features: Proxy re-encryption (data remains encrypted to service providers); selective disclosure (ZKP to demonstrate proof of a value/signature without disclosing it, hierarchical tree-based public-key encryption, proxy re-encryption for access delegation); per-item encryption (sweeping data breach impossible); real-time AI agent activity feed and control panel
Authentication Methods: Private key-based self-authentication (self-sovereign SSO); planned integrations with popular web frameworks for Web2 login experience
Revocation Mechanism: User-controlled revocation of viewing passes / access permissions at any time; AI agent permissions instantly revocable via control panel
Agent Types Supported: Humans (interactive, with multiple personas); AI agents (secure delegation of specific data access permissions with real-time activity monitoring); non-interactive entities (via MPC-based multisig)
Wallet/Client Types: Identity management dashboard (web/mobile planned); blockchain-agnostic wallet with per-blockchain UX plugins; MPC-based multisig for group account management
Recovery Mechanisms: Federated guardian system (opt-in): user chooses n guardians; recovery key sharded across guardians; recovery requires authenticating with a subset of chosen guardians using multiple methods (username/password, SMS, TOTP, etc.); guardians are trusted entities with professional uptime guarantees; system remains firmly non-custodial
Compliance / Regulations: Privacy-first design (zero-knowledge to service providers); d/acc compliant (decentralized, democratic, differential, defensive); reduced attack surface for PII storage; ESIGN Act compatibility for legally binding cryptographic signatures (Ricardian Contracts support)
Credential Exchange Protocols: Verifiable data registry (content-addressed, hash-referenced, signed attestations published to platform-agnostic data storage layer); selective disclosure via ZKP, hierarchical encryption, and proxy re-encryption
Trust Framework: User sovereignty + cryptographic verification (no central authority); attestation-based directed social graph forming decentralized trust/reputation network; authoritative attestations for sybil-resistance (anonymizable via ZKP)
Cost Model: Free (d/acc democratic access principles)
Censorship Resistance: High (user controls keys; no central authority can revoke access; data encrypted end-to-end; content-addressed storage can use any compatible service)