Create Passport

Overview

Create a cryptographically-anchored Passport identity. Every human on HUMAN has a unique DID (Decentralized Identifier) bound to their devices and controlled by cryptographic keys they own.

What is a Passport?

The HUMAN Passport is:

• Cryptographically controlled - Your identity is proven by keys you control
• Device-rooted - Keys never leave your secure enclave
• Portable - Works across apps, devices, and platforms
• Human-owned - HUMAN cannot access or revoke your identity

Format: did:human:<uuid>
Example: did:human:550e8400-e29b-41d4-a716-446655440000

SDK Examples

typescript:TypeScript
```typescript
import { Passport } from '@human/sdk';

// Create a new Passport identity
const passport = await Passport.create({
  displayName: 'Alice Developer',
  
  // Optional: Specify key storage
  keyStorage: 'secure-enclave', // 'secure-enclave' | 'server' | 'hardware-key'
});

console.log('✓ Passport created');
console.log('DID:', passport.did);
// did:human:550e8400-e29b-41d4-a716-446655440000

console.log('Public Key:', passport.publicKey);
// Ed25519 public key (base64-encoded)

// Sign data with your Passport
const signature = await passport.sign({
  message: 'I authorize this action',
  timestamp: Date.now(),
});

console.log('✓ Data signed with Passport');
console.log('Signature:', signature);
```

python:Python
```python
from human_sdk import Passport

# Create a new Passport identity
passport = await Passport.create(
    display_name="Alice Developer",
    # Optional: Specify key storage
    key_storage="secure-enclave"  # 'secure-enclave' | 'server' | 'hardware-key'
)

print(f"✓ Passport created")
print(f"DID: {passport.did}")
# did:human:550e8400-e29b-41d4-a716-446655440000

print(f"Public Key: {passport.public_key}")
# Ed25519 public key (base64-encoded)

# Sign data with your Passport
signature = await passport.sign({
    "message": "I authorize this action",
    "timestamp": int(time.time() * 1000)
})

print(f"✓ Data signed with Passport")
print(f"Signature: {signature}")
```

go:Go
```go
package main

import (
    "fmt"
    "time"
    "github.com/human/sdk-go/passport"
)

func main() {
    // Create a new Passport identity
    passport, err := passport.Create(&passport.CreateOptions{
        DisplayName: "Alice Developer",
        // Optional: Specify key storage
        KeyStorage: "secure-enclave", // 'secure-enclave' | 'server' | 'hardware-key'
    })
    if err != nil {
        panic(err)
    }
    
    fmt.Println("✓ Passport created")
    fmt.Printf("DID: %s\n", passport.DID)
    // did:human:550e8400-e29b-41d4-a716-446655440000
    
    fmt.Printf("Public Key: %s\n", passport.PublicKey)
    // Ed25519 public key (base64-encoded)
    
    // Sign data with your Passport
    signature, err := passport.Sign(map[string]interface{}{
        "message": "I authorize this action",
        "timestamp": time.Now().UnixMilli(),
    })
    if err != nil {
        panic(err)
    }
    
    fmt.Println("✓ Data signed with Passport")
    fmt.Printf("Signature: %s\n", signature)
}
```

bash:REST API
```bash
# Create a Passport via REST API
curl -X POST https://api.human.xyz/v1/passport \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $YOUR_API_KEY" \
  -d '{
    "displayName": "Alice Developer",
    "keyStorage": "secure-enclave"
  }'

# Response:
{
  "did": "did:human:550e8400-e29b-41d4-a716-446655440000",
  "publicKey": "MCowBQYDK2VwAyEA...",
  "createdAt": "2026-01-10T12:00:00Z",
  "keyStorageType": "secure-enclave"
}
```

Cryptographic Details

Algorithm: Ed25519 (RFC 8032)
Key Size: 256 bits
Signature Size: 512 bits (64 bytes)
Library: @noble/ed25519 (constant-time, audited)

Key Storage Options:

• secure-enclave - iOS Secure Enclave, Android StrongBox (Production)
• server - Server-stored, KMS-encrypted (MVP/Development only)
• hardware-key - YubiKey, Ledger, or other FIDO2 device

Use Cases

users:User Onboarding|New users create their Passport as part of sign-up - Passport becomes their permanent identity across all HUMAN apps
building:Enterprise SSO|Employees create Passports linked to company directory - Single identity for all internal agents and tools
smartphone:Multi-Device Setup|Create Passport on primary device - Sync to other devices via cryptographic attestation
bot:AI Agent Identity|Create Passports for autonomous agents - Agents prove identity cryptographically in workflows

Security Considerations

do:Store private keys in secure enclave/hardware
do:Use Passport-Lite (server-stored keys) for MVP/development only
do:Enable multi-device sync for resilience
do:Set up recovery guardians (Shamir threshold)
dont:Never expose private keys in logs or error messages
dont:Don't use server-stored keys in production
dont:Don't create Passports without user consent

Next Steps

• Delegate Access - Grant an agent access to act on your behalf
• Verify Passport Offline - Verify identity without network
• Multi-Device Sync - Sync Passport across devices

See Also

• Concept Docs: Passport Overview
• API Reference: Passport API
• SDK Reference: Passport Class