Why activate the device atSign on the client?

When you activate an atSign, you are doing a handful of steps to prepare the atSign for use. One of these steps is cutting a unique set of cryptographic keys.

The first time you activate, this set of keys that gets generated is a set of management keys. These keys have full permissions to your atServer, the personalized service which powers your atSign.

We recommend cutting the management keys on the client for a few reasons:

It's extremely important that you don't lose these keys:
1. They are less likely to get lost on your client machine than on your device.
2. If a device is stolen you still have your management keys to recover from the theft.
For each device we can issue it's own set of cryptographic keys which has a few perks:
1. This allows us to limit the permissions of those keys to the bare minimum required for NoPorts.
2. If a device gets compromised, we can safely revoke the set of cryptographic keys associated with that device, without affecting the other devices using the same atSign.

Last updated 10 months ago