Add support for providing verifier #234

Open
sondreb opened this issue Jun 17, 2022 · 3 comments
Labels
bug Something isn't working enhancement New feature or request pinned a known issue or feature that should not be closed by bots

Comments


sondreb commented Jun 17, 2022

It is currently possible to specify a custom signer, but it's not possible to specify a custom verifier.

`createJWT` allows signing with a custom algorithm, like "SS256K" (Schnorr), but it's not possible to specify the verifier using `verifyJWT`, so if the JWT/JWS is signed with a custom signer, the verifier will fail.

@sondreb sondreb added the enhancement New feature or request label Jun 17, 2022
@mirceanis mirceanis added bug Something isn't working pinned a known issue or feature that should not be closed by bots labels Jun 17, 2022
@mirceanis
Member

Very true.

This is related to #170 in the sense that if this library were more modular you would be able to load custom verifiers too.

Otherwise the solution is to add an SS256K verifier to the embedded bunch already supported.

If that doesn't come with extra dependency baggage, it would be a quick fix, but since I haven't worked with SS256K before I'm not aware of the existing implementations out there.

Do you have insight into this, @sondreb?

Author

sondreb commented Jun 17, 2022

We have, in our identity wallet, previously migrated to @noble/secp256k1, so to avoid a dependency on yet another library for the same purpose, I wanted to create our own Signer and Verifier using that library. It's not super important to use the new library, though it's very clean, has zero dependencies, and is very fast.

did-jwt relies on the elliptic package (there doesn't appear to have been any development on it for a year and a half), which does not implement BIP0340 (Schnorr signatures), so adding support for "SS256K" wouldn't be possible without doing something with dependencies.

Couple of unrelated things I noticed:

  • The example in README.md uses publicKey instead of verificationMethod.
  • There is no support for JsonWebKey2020 (and JsonWebSignature2020), but need to use EcdsaSecp256k1VerificationKey2019.

My preferred option would be to use JsonWebKey2020 with a Schnorr public key, which only defines the x coordinate. Guess that could be marked by setting the "crv" on the jwk field to "SS256K", mapping that to the exact same value as the "alg" on the signed JWT/JWS. I already had a working implementation using "publicKeyMultibase", but was not sure if JWK was a "better" option.

Author

sondreb commented Jun 26, 2022

60987e0 fixes what I mentioned here with no support for JsonWebKey2020. Thanks!
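
The gap this issue describes, as an added example that is not did-jwt code and not part of the thread: a token signed with a caller-supplied signer is only verifiable if the verifying side has a verifier registered for the same `alg` value. All function names and the `X-DEMO` algorithm name are hypothetical, and Ed25519 from Node's `crypto` module stands in for a custom algorithm such as SS256K.

```javascript
// Added example: hypothetical names, not did-jwt's API.
const nodeCrypto = require('node:crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');
const fromB64u = (s) => Buffer.from(s, 'base64url');

// Verifiers shipped by this toy library, keyed by the JWS `alg` header value.
const builtinVerifiers = {
  EdDSA: (data, sig, key) => nodeCrypto.verify(null, data, key, sig),
};

// Signing side: the caller picks the alg name and supplies the signer.
function signCompactJws(payload, alg, signer) {
  const input = `${b64u(JSON.stringify({ alg, typ: 'JWT' }))}.${b64u(JSON.stringify(payload))}`;
  return `${input}.${b64u(signer(Buffer.from(input)))}`;
}

// Verifying side: dispatch strictly on `alg`; no verifier means rejection.
function verifyCompactJws(jws, publicKey, extraVerifiers = {}) {
  const parts = jws.split('.');
  if (parts.length !== 3) throw new Error('malformed JWS');
  const [h, p, s] = parts;
  const { alg } = JSON.parse(fromB64u(h).toString());
  const verifiers = { ...builtinVerifiers, ...extraVerifiers };
  if (!Object.hasOwn(verifiers, alg)) throw new Error(`no verifier for alg ${alg}`);
  if (!verifiers[alg](Buffer.from(`${h}.${p}`), fromB64u(s), publicKey)) {
    throw new Error('invalid signature');
  }
  return JSON.parse(fromB64u(p).toString());
}

function demo() {
  // Constructed key pair; Ed25519 stands in for the custom algorithm.
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const customSigner = (data) => nodeCrypto.sign(null, data, privateKey);
  const customVerifier = (data, sig, key) => nodeCrypto.verify(null, data, key, sig);
  const jws = signCompactJws({ iss: 'did:example:123' }, 'X-DEMO', customSigner);
  let withoutVerifier;
  try {
    verifyCompactJws(jws, publicKey);
    withoutVerifier = 'accepted';
  } catch (e) {
    withoutVerifier = e.message;
  }
  const payload = verifyCompactJws(jws, publicKey, { 'X-DEMO': customVerifier });
  return { withoutVerifier, iss: payload.iss };
}

console.log(demo());
```

Rejecting an unregistered `alg` outright, rather than falling back to a default verifier, is what keeps the extension point from becoming an algorithm-confusion path.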
