FAQ3 min read
Frequently asked questions
The questions people ask in the first ten minutes of seeing this.
- What if I lose my private key?
- Generate a new keypair, add the new public key to your DID document, and keep the old one listed for a few months so existing signatures stay verifiable. Premium handles the rotation flow for you — the only thing you need to keep safe is your account password.
- Can someone else publish a fake did.json on my domain?
- Only if they control your domain. If an attacker takes over your domain, they can also change your website, email, and every other identity primitive built on it. Domain security is the foundation everything else rides on — and it's already an industry-grade problem most people have solved.
- Do I need to understand cryptography to use this?
- No. The same way you don't need to understand TLS to use HTTPS, or DKIM to use email. The button says "Sign" and "Verify". The math runs in the background.
- Why not just use a blockchain identity?
- Domains already have a globally trusted resolution system (DNS + TLS), they're renewable, brandable, and free of gas fees and chain selection. We use the W3C
did:webmethod specifically because it sits on top of what already works. - What happens to my signatures if Lovable shuts down?
- Your domain, your DID document, and every signature you've ever issued keep working as long as your domain resolves. The verifier is open and re-implementable in a few hundred lines of code.
- Can I sign things from outside the LinkedIn UI?
- Yes. Anything text-based — emails, blog posts, contracts, GitHub commits, even tweets — can carry a signed block. The Premium tools just make the common cases one click.
- Does this work for organisations, not just people?
- Yes. An organisation gets its own DID (e.g.
did:web:meridianhealth.io) and signs employment claims, press releases, and policy statements with it. It's the same primitive, applied to a different kind of identity.