x509 certificate metadata and related metadata are carried within an x509 Registration/Update transaction.
The x509 certificate metadata structure contains 5 keys:
- 0:Purpose - 128bit UUID V4 of the metadata purpose
- 1:txn-inputs_hash - Hash of the transaction inputs
- 2:previous_transaction_id - Hash of the immediately preceding transaction in a series of updates.
- 10, 11, 12:x509 chunked data - Compressed x509 update data
- 99:Validation signature - Signature over the entire auxiliary data attached to the transaction.
Key 10, 11 or 12 - x509 chunked data.
It is used to store large x509 RBAC (Role-Based Access Control) registration data in Cardano transaction metadata.
Core Requirements
- A Role 0 signing key must always be defined. It must be tied to an on-chain key (e.g., a stake address hash).
- The RBAC data references the transaction it’s attached to and can’t be validated independently.
Encoding & Compression Process
- Prepare x509 Role Registration Data and encode with dCBOR → raw data.
- Compress the raw data using Brotli or ZSTD, or use no compression (raw) if that is smaller.
- Choose the smallest result (Raw, Brotli, or ZSTD). Split the chosen data into 64-byte chunks (last chunk may be shorter). Store chunks in an array under one of these metadata keys:
- 10 → Raw (no compression)
- 11 → Brotli compressed
- 12 → ZSTD compressed
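The chunking rule above and its inverse on the decoding side, as an added Python example (not code from the original page or from the project). The function names, the 1 MiB output cap, the "exactly one of keys 10/11/12" check and the use of the third-party brotli and zstandard packages are assumptions.

```python
CHUNK = 64                      # chunk size stated on the page
RAW, BROTLI, ZSTD = 10, 11, 12  # metadata keys stated on the page
MAX_OUT = 1 << 20               # assumed cap on decoded size (not from the page)

def _brotli(data):
    import brotli               # third-party package, only needed for key 11
    return brotli.decompress(data)

def _zstd(data):
    import zstandard            # third-party package, only needed for key 12
    return zstandard.ZstdDecompressor().decompress(data, max_output_size=MAX_OUT)

DECODERS = {RAW: bytes, BROTLI: _brotli, ZSTD: _zstd}

def split_chunks(payload: bytes) -> list[bytes]:
    """Encoder side: 64-byte chunks, the last one may be shorter."""
    return [payload[i:i + CHUNK] for i in range(0, len(payload), CHUNK)]

def rebuild_payload(metadata: dict, decoders=DECODERS) -> bytes:
    """Decoder side: validate the chunk array, join it, undo the compression."""
    present = [k for k in (RAW, BROTLI, ZSTD) if k in metadata]
    if len(present) != 1:
        raise ValueError(f"expected exactly one of keys 10/11/12, got {present}")
    key = present[0]
    chunks = metadata[key]
    if not isinstance(chunks, list) or not chunks:
        raise ValueError("chunk array missing or empty")
    for i, c in enumerate(chunks):
        if not isinstance(c, (bytes, bytearray)):
            raise ValueError(f"chunk {i} is not a byte string")
        last = i == len(chunks) - 1
        # Only the final chunk may be shorter than 64 bytes; none may be empty.
        if len(c) == 0 or len(c) > CHUNK or (not last and len(c) != CHUNK):
            raise ValueError(f"chunk {i} has invalid length {len(c)}")
    out = decoders[key](b"".join(chunks))
    # Size check after decoding; the data is untrusted on-chain input.
    if len(out) > MAX_OUT:
        raise ValueError("decoded payload exceeds size cap")
    return out
```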
Step-by-Step Process of Decoding Keys 10-12 of x509 Certificate Metadata
- This is the main invoke method in the action class.

- Rebuild the certificate bytes.

- Extract certificate from CBOR

- Extract Ed25519 public key:

- Generate Catalyst Profile ID

- Extract Stake Address
