name: create-bap-identity description: This skill should be used when the user asks to "create BAP identity", "new BAP", "Type42 identity", "Legacy BAP identity", "generate BAP", "set up BAP identity", "initialize BAP", or needs to create Bitcoin Attestation Protocol identities using the bap CLI.
Create BAP Identity
Create and manage BAP (Bitcoin Attestation Protocol) identities using the bsv-bap library.
Installation
bun add bsv-bap @bsv/sdk
Creating an Identity
import { BAP } from "bsv-bap";
import { PrivateKey } from "@bsv/sdk";
// Create BAP instance with new key
const privateKey = PrivateKey.fromRandom();
const bap = new BAP({ rootPk: privateKey.toWif() });
// Create identity
const identity = bap.newId("Alice Smith");
console.log("Identity Key:", identity.getIdentityKey());
console.log("Root Address:", identity.rootAddress);
console.log("Signing Address:", identity.getCurrentAddress());
Key Derivation
BAP uses Type42 (BRC-42) key derivation with BRC-43 invoice numbers:
| Purpose | Invoice Number | Security Level |
|---|---|---|
| Signing key | 1-bap-identity | 1 (public protocol) |
| Friend encryption | 2-friend-{sha256(friendBapId)} | 2 (user-approved) |
Signing Messages
import { Utils } from "@bsv/sdk";
const { toArray } = Utils;
// Sign a message
const message = toArray("Hello World", "utf8");
const { address, signature } = identity.signMessage(message);
// Verify (on any BAP instance)
const isValid = bap.verifySignature("Hello World", address, signature);
Friend Encryption
Derive friend-specific encryption keys for private communication:
// Get encryption pubkey for a friend (share in friend requests)
const friendPubKey = identity.getEncryptionPublicKeyWithSeed(friendBapId);
// Encrypt data for friend
const ciphertext = identity.encryptWithSeed("secret message", friendBapId);
// Decrypt data from friend
const plaintext = identity.decryptWithSeed(ciphertext, friendBapId);
Export/Import
// Export for backup
const backup = bap.exportForBackup("My Identity");
// { ids: "...", createdAt: "...", rootPk: "..." }
// Import from backup
const bap2 = new BAP({ rootPk: backup.rootPk });
bap2.importIds(backup.ids);
CLI Option
For quick operations, the bsv-bap package includes a CLI:
npm install -g bsv-bap
bap create --name "Alice" # Create identity (~/.bap/identity.json)
bap sign "Hello World" # Sign message
bap verify "msg" "sig" "addr" # Verify signature
bap info # Show identity info
bap friend-pubkey <bapId> # Get friend encryption pubkey
bap encrypt <data> <bapId> # Encrypt for friend
bap decrypt <text> <bapId> # Decrypt from friend
bap export # Export backup JSON
bap import <file> # Import from backup
Next Steps
After creating an identity:
- Sign messages for authentication
- Share encryption pubkeys in friend requests
- Publish identity to blockchain for on-chain reputation
- Integrate with Sigma Identity for OAuth (
@sigma-auth/better-auth-plugin)
Related Skills
key-derivation- Type42 and BRC-43 key derivation patternsmessage-signing- BSM, BRC-77, and Sigma signing protocolsencrypt-decrypt-backup- bitcoin-backup CLI for .bep encrypted backups