Notes on 3Box

Jon Schwartz
May 2, 2019 · 2 min read

In our last post, we talked about OrbitDB’s design philosophy — aiming for maximum developer flexibility by staying agnostic to underlying strategies like encryption and identity. This article explores 3Box — an example of an OrbitDB use case with specific implementations of identity and encryption. 3Box provides social profiles for web3 applications, using Ethereum key pairs to handle access-control, account-recovery, and encryption.

Image for post
Image for post


Applications can request a signature with a specific consent message to read private data or write to a user’s 3Box. The user can sign the message with an Ethereum key pair. The entropy in the returned signature is used to create an encryption key for decrypting private data from the user’s store and a signing key for signing requests to make updates to a user’s store.

An application that doesn’t have access to the signed consent message won’t be able to generate key pairs to write to a user’s store and read private data.


A user’s OrbitDB key pairs are stored in the browser, posing an identity-recovery problem if the browser is cleaned or changed. 3Box generates Orbit key pairs deterministically from a user’s ethereum address. This means that a user can change browsers or switch devices and maintain their Orbit keys as long as they maintain access to their Ethereum wallet.


An Ethereum address has a minimum of three Orbit databases — a root store, a public store, and a private store (other stores might be application specific spaces). In the future, 3Box plans to allow multiple addresses to be associated with an Orbit root store.

The encryption scheme for adding a key-value entry into the user’s private store can be found here. To summarize, 3Box computes a hash of the key the user wishes to store. The value is then encrypted with the encryption key generated from the user’s signature (referenced in the “access-control” section). The hashed key and encrypted value are stored in the user’s private data store.

Schema design

3Box is actively researching IPLD/JSON-LD compatible data structures and has already started storing values (such as the user’s image) in IPLD formats. More work on this area to come.

. . .

At Open Work Labs, we’re working with Autark to build Aragon profiles with 3Box.

. . .

Thank you to the 3Box team for reviewing this post and their awesome help along the way!

Open Work Labs

A peer-to-peer software studio.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store