What is Galxe Passport?
Galxe Passport is your universal identity for Web3 adventures. It stores your identity information securely and anonymously. You will be able to use this as your universal identity across different applications for compliance purposes. You will also get your unique Galxe Passport Soulbound Token in your wallet to be distinguished as a verified individual, enabling our partners to prevent Sybil attacks. Galxe Passport was created to be a secure, private way for users to store data. Users’ private information will be encrypted with their password. This data is only accessible to the user; all others (including Galxe) can only access it with the user’s permission. Users who want to obtain a Soulbound Token can do so by going through the verification process on Galxe, which will then allow them to mint and claim the Galxe Passport Token.
Technical documentation
Galxe Passport was designed on the principle that you have the right to your personal information — you should get to decide where, how, and with whom it’s shared. You should also be able to prove your personhood. We are committed to protecting your privacy and we have built Galxe Passport with control, security, and transparency in mind. In this section, we will describe in detail how we process and store encrypted user PII (Personally Identifiable Information).
Tenets
- Galxe Passport’s PII should be fully managed by its owners and kept private and safe - your data is never stored in plain text and will not be accessible by anyone (including Galxe) without your explicit permission.
- Owners can share their Galxe Passport data with external parties only under the owners’ strict consent - using valid, non-replayable signatures and client-side decryption with the user’s password.
- When external parties receive Galxe Passport data, they should be able to verify its data integrity.
Data Flow
1 - Sumsub identity verification
Sumsub is the third-party vendor that helps run algorithms and check whether your ID is valid. They collect the identity information directly from you because they need to provide identity verification. When a user is prompted with a Sumsub verification embedded on galxe.com, we generate a UUID for the user and pass it to Sumsub. Sumsub uses this UUID to uniquely identify a person and to group all verifications under the same UUID together. For now this UUID is stored in our database as the user’s “Vendor Reference ID”. When the verification is approved, Sumsub informs Galxe and the user proceeds to the next step: constructing the Galxe Passport.
2 - Constructing Galxe Passport
The user on Galxe is now guided to construct a Galxe Passport from the PII collected from their approved verification on Sumsub. There are 3 steps, with two separate signatures needed:
- (signing needed) Retrieve PII from Sumsub, signed by Galxe witness to ensure its integrity - let’s call this a signed credential
- Encrypt signed credential using user’s own strong password of choice
- (signing needed) Pass the encrypted data back to Galxe for storage, and create the Galxe Passport
2.1 - Retrieving PII from Sumsub
Using the UUID (Vendor Reference ID) generated for the user, we are able to retrieve the complete verification result from Sumsub. Example:
Galxe proceeds to first clean up the data into our own Galxe Passport format. Example:
- Generate a 32-byte salt from a crypto-safe random number generator
- Marshal (user_address, salt, passport_data) into canon_json_str, a canonical JSON string, then compute its hash using hash = keccak256(canon_json_str)
- Ask Galxe witness to sign the hash: signature = ECDSA.sign(witness_priv_key, hash)
- Construct the signed credential: signed_cred = json.Marshal(SignedCred{Body: canon_json_str, Signature: signature})
- Return signed_cred to frontend
2.2 - User encryption on Galxe frontend
On the Galxe frontend, the user now inputs their strong password of choice to encrypt the signed credential using AES-256-GCM. Example code:
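The following is an added example, not Galxe's own code, of encrypting a signed credential under a password with AES-256-GCM and rejecting a wrong password or modified ciphertext on decryption. The page does not name a key-derivation function, so scrypt, its parameters, the envelope field names and the sample credential are assumptions; it uses Node's built-in crypto module so it runs offline.

```javascript
// Added example: password-based AES-256-GCM envelope for a signed credential.
// Assumptions (not from the page): scrypt as the KDF, its parameters, and the
// envelope field names.
const nodeCrypto = require('node:crypto');

// scrypt cost settings; N=2^15, r=8 needs about 32 MiB, so raise maxmem
const SCRYPT = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

function deriveKey(password, salt) {
  // Derive the 32-byte AES-256 key from the user's password
  return nodeCrypto.scryptSync(password.normalize('NFKC'), salt, 32, SCRYPT);
}

function encryptSignedCred(password, signedCred) {
  const salt = nodeCrypto.randomBytes(16); // fresh KDF salt per encryption
  const iv = nodeCrypto.randomBytes(12);   // 96-bit GCM nonce, unique per key
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(signedCred, 'utf8'), cipher.final()]);
  return {
    v: 1,
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    ct: ct.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'), // 16-byte authentication tag
  };
}

function decryptSignedCred(password, env) {
  const key = deriveKey(password, Buffer.from(env.salt, 'base64'));
  const decipher = nodeCrypto.createDecipheriv(
    'aes-256-gcm', key, Buffer.from(env.iv, 'base64'), { authTagLength: 16 });
  decipher.setAuthTag(Buffer.from(env.tag, 'base64'));
  // final() throws if the password is wrong or ct/tag/iv were modified
  const pt = Buffer.concat([decipher.update(Buffer.from(env.ct, 'base64')), decipher.final()]);
  return pt.toString('utf8');
}

// Constructed sample input standing in for signed_cred from step 2.1
const SAMPLE_SIGNED_CRED = JSON.stringify({
  Body: '{"passport_data":{"placeholder":true},"salt":"00","user_address":"0x0"}',
  Signature: '0xSIGNATURE_PLACEHOLDER',
});
```

Only the envelope would be sent for storage; the password and derived key stay on the client. A browser implementation would use the Web Crypto API for the same construction.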