tool · quid generator

Generate a Quidnug identity in your browser.

A quid is the identity primitive in Quidnug: an ECDSA P-256 public key plus the first 16 hex characters of its SHA-256 digest. This page generates one entirely in your browser via the Web Crypto API. No bytes touch our server. No account required. The private key never leaves your device.

your new quid

QUID ID

—

Public key compressed · 33 bytes

—

Private key JWK · keep secret

[hidden]  click 'reveal' to show

Save this now. If you close this tab without downloading or copying the private key, it is gone. There is no recovery path. We cannot help you. The only safe move is to download the JSON, then store it somewhere durable (password manager, hardware token, paper backup).

Want this in CLI-compatible form?

For full byte-identical compatibility with the reference Go node, run quidnug-cli keygen --out my.key.json --name alice from any machine that has the binary. The web tool is fine for tutorials, demos, and any quid that doesn't guard real assets. For production keys, prefer offline generation in a hardware-backed environment (HSM, YubiKey, Touch ID via WebAuthn, etc.).

What can I do with my new quid?

A quid is the address of a cryptographic identity. By itself it does nothing. Below are the six immediately useful things any quid unlocks, in increasing order of commitment.

01

Sign your first transaction

Run a node locally (Docker or the Go binary) and post your quid as an IDENTITY transaction. Five minutes from now you'll have signed and verified your first state change.

Walkthrough →

02

Validate a domain you own

Bind your quid to a domain via DNS challenge and get a third-party-signed attestation that your customers can verify. This is the paid product but the free tier is real.

How validation works →

03

Sign a trust edge

Declare "I trust quid B at level 0.9 in domain X". That signed edge is the atom of the entire protocol. Compose them into a graph and watch the BFS pathing do real work.

Trust concept →

04

Install a guardian quorum

Choose 3 of 5 (or any M of N) people or organizations you trust. They get to recover your quid if the key is lost, with a time-locked veto window so you can stop a compromised quorum.

Key lifecycle →

05

Peer with the public network

Open a peering request from this quid against the seed roots. On approval, your blocks tier as Trusted in the domains you asked for; you reciprocate within 72 hours.

Join the network →

06

Plug it into your stack

Every SDK signs against the same canonical bytes spec, byte-for-byte. Python, Go, JS/TS, Rust, and the rest all verify each other's signatures. Drop the JSON file into your app secrets and start signing.

All SDKs →

Anatomy of a quid

Curve ECDSA P-256 (NIST secp256r1, SHA-256)

Public key 33 bytes compressed (or 32-byte X-only / 65-byte uncompressed)

Private key 256-bit secret scalar; never leaves your device

Quid ID First 16 hex characters of sha256(publicKey)

Signing ECDSA over canonical bytes; byte-identical across every SDK

Lifecycle AnchorRotation · AnchorInvalidation · M-of-N guardian recovery with time-lock veto

See Quids (concept) for the formal protocol definition, and Key lifecycle for what happens when keys get lost, rotated, or compromised.