Uploading Documents
Uploading a document to the vault encrypts it with AES-256-GCM inside a TEE and stores the ciphertext on IPFS. This guide walks through the complete upload process.
Supported File Formats
The vault accepts common document formats including PDF and image files (JPEG, PNG, WEBP). There is a file size limit per document.
Step-by-Step Upload
Step 1: Open the Vault
Navigate to the Document Vault from the main application menu. If you have not signed in this session, you will be prompted to sign a message with your wallet to unlock the vault.
Step 2: Add a Document
Click the button to add a new document. This opens the upload dialog.
Step 3: Select Your File
Select a file from your device or drag and drop it into the upload zone.
Step 4: Choose Document Type
Select the category that best describes your document:
| Type | Description | Examples |
|---|---|---|
| Identity | Government-issued identification | Passport, National ID, Driver's License |
| Financial | Financial records and statements | Bank Statement, Tax Return |
| Education | Academic credentials | University Transcript, Diploma, Certificate |
| Legal | Legal documents | Court Order, Affidavit, Power of Attorney |
| Medical | Health-related records | Vaccination Record, Medical Report |
The document type is stored as on-chain metadata and helps organize your vault. Choose the most accurate type, as it cannot be changed after upload.
Step 5: Choose Attestation Type
Select who is attesting to the document's authenticity:
- Self-Attested: You are uploading the document yourself. No third party has verified it. The document is still encrypted and stored securely, but it does not carry institutional attestation.
- Verified: The document has been verified by an institutional attestor (e.g., through a KYC verification flow). This option may only be available if you have an active verification session.
Step 6: Upload
Initiate the upload. The interface will show progress as the document is encrypted, stored on IPFS, and recorded on-chain.
Step 7: Confirmation
Once complete, the document appears in your vault under the appropriate group (verified or self-attested). The card displays the document type, upload date, and attestation status.
What Happens During Upload
Behind the scenes, the upload process involves:
- Your file is transmitted to the TEE attestor over TLS.
- The TEE generates a unique salt and IV for this document.
- An AES-256 key is derived from your wallet secret and the salt.
- The file is encrypted with AES-256-GCM using the derived key and IV.
- The ciphertext is uploaded to IPFS through Pinata's private gateway.
- Metadata (CID, encryption parameters, document type, timestamp) is recorded on the Cartesi rollup.
- The plaintext and key are purged from TEE memory.
Uploading Multiple Documents
Documents are uploaded one at a time. Each document goes through its own encryption cycle with a unique salt and IV, ensuring that each file has an independent encryption key.
Tips
- Use PDF for multi-page documents. Scanning a multi-page document as a single PDF is more manageable than uploading individual page images.
- Verify image quality before uploading. Ensure scanned documents are legible, as the vault stores exactly what you upload.
- Choose the correct document type. The type is permanent on-chain metadata and helps organize your vault and any future verification requests.