JWE / DIDComm Integration #5
Comments
|
Also wondering if JWT was considered, since it could theoretically be used to support public signed information in the future... As I understand edv, there is intentionally no support for storing of signed plaintext. |
|
@OR13 - Sure thing, I'll see if I can rustle up an example JWE, with key material.
That's exactly it, yeah, one of the core design considerations says "To accomplish this, the data must be encrypted both while it is in transit (being sent over a network) and while it is at rest (on a storage system)." And that needs to be capitalized to MUST be encrypted, because for various reasons (mostly having to do with plausible deniability), vaults should never ever store plaintext (even if it's signed). Now, whether or not that requirement can survive the standardization process (because like you've seen from the EDV/Data Hub sessions at IIW, several parties want to be able to store non-encrypted data) remains to be seen, but for now, it's intentional. |
|
It may be helpful to retain the distinction, possible that these other concerns will be solved in another layer, like Agents or other Hub Extensions, etc... |
|
@OR13 Here's an example document with envelope: {
"id":"z19x9iFMnfo4YLsShKAvnJk4L",
"sequence":0,
"indexed":[
{
"hmac":{
"id":"urn:mockhmac:1",
"type":"Sha256HmacKey2019"
},
"sequence":0,
"attributes":[
]
}
],
"jwe":{
"protected":"eyJlbmMiOiJDMjBQIn0",
"recipients":[
{
"header":{
"kid":"urn:123",
"alg":"ECDH-ES+A256KW",
"epk":{
"kty":"OKP",
"crv":"X25519",
"x":"d7rIddZWblHmCc0mYZJw39SGteink_afiLraUb-qwgs"
},
"apu":"d7rIddZWblHmCc0mYZJw39SGteink_afiLraUb-qwgs",
"apv":"dXJuOjEyMw"
},
"encrypted_key":"4PQsjDGs8IE3YqgcoGfwPTuVG25MKjojx4HSZqcjfkhr0qhwqkpUUw"
}
],
"iv":"FoJ5uPIR6HDPFCtD",
"ciphertext":"tIupQ-9MeYLdkAc1Us0Mdlp1kZ5Dbavq0No-eJ91cF0R0hE",
"tag":"TMRcEPc74knOIbXhLDJA_w"
}
}
|
|
I take it this was generated with https://github.com/digitalbazaar/minimal-cipher in the example |
|
@OR13, yes, a DID key could be used. If someone wanted to advertise such a key so they could decrypt that JWE/document, then their DID Document would need to express that the key is authorized for the purpose of {
"@context": "...",
"id": "did:example:123",
"keyAgreement": [{
"id": "did:example:123#kid",
"type": "X25519KeyAgreementKey2019",
"publicKeyBase58" : "ztQ2JQy17Ue7bMGd2qYYbt1XX5awB7obHYyZgZmGieW"
}],
"..."
} |
|
oooh.... why is This is a really helpful example, Peer DIDs and DIDComm are working on very similar things, I really want to add an edv example to the interop project under DIF so there is a working implementation for people to prove interoperability against. |
|
I can see easy interoperability path if we use |
It should be better explained in the spec. We're doing an insufficient job in the spec at the moment explaining that it's important for a DID controller to express authorization relations between the DID subject and its verification methods, and to express the purpose of a proof within a proof itself (or to ensure the purpose of some key usage is implicitly understood according to protocol). This concept has been talked about at length in the CG but continues to be lost in translation from time to time; we need to clarify it more in the DID spec as the examples are currently doing the heavy lifting. In short, verification methods (e.g., public keys) in a DID Document should be expressed according to what they are authorized for: Then, for example, when a key is used in a There's more elaboration here: https://lists.w3.org/Archives/Public/public-credentials/2018Dec/0108.html Note that sometimes a key type will implicitly restrict a key to really only having one purpose, but others will not. It would be quite unusual to use an X25519 key for anything other than I should also mention that, in practice, there are very few of these relations to define. I don't think it should be a significant interop concern. |
|
I totally agree, but why not annotate the keys in the property that is already supported? for example: There is a similar issue we are currently facing with the duplication or linking of keys in the For example this issue with well-known did configuration spec: decentralized-identity/.well-known#16 To demonstrate interop today, we are going to need to build on what people have implemented and is currently defined in the spec. As I understand the proofPurpose in JSON-LD, the default assumption already exists for keys in the I'd prefer not to need to iterate a number of collections, and follow links between them if possible, the adoption of standard interoperability between DID Methods for things like OIDC SIOP or EDV will drive the method implementers to update their code, but I think we should try our best minimize the updates needed. |
That would not be a statement linking the DID subject to what keys they have authorized but rather a statement about the key itself. What happens when the DID subject authorizes a verification method that is defined in another document and is perhaps under the control of another entity? What if that key expresses its usage for a whole variety of things ... but the DID controller only wishes to authorize one use for the DID subject? Rather, the authority should come from a relation explicitly stated linking the DID subject and the verification method -- because that is the root of authority, not meta data about the key.
There are implementations that use this today, including Veres One. Further, the spec does, today, mention proof purposes and shows examples differentiating between keys authorized for any purpose from those authorized for a specific purpose, for which
No, this is incorrect. Keys in the
Rather just the opposite happens with what I'm recommending. For example, verification software that sees an LD proof with a |
|
@dlongley thanks this is much clearer now. I now understand your point regarding the data stored in the publicKey property and the argument to use these other collections on the DID Document to handle specific purposes. This section of the DID Spec needs to be updated: https://w3c.github.io/did-spec/#did-documents As you noted, people are assuming that If the intention is to use other collections, and not annotate the keys with purposes, we should provide a spanning example and update the spec asap. I think we are probably fairly off topic for this issue now, but would love to support fixing the did spec. Can you open an issue on the did-core spec and provide the most spanning example of these other collection properties, and tag me and I will add some details around why we need to get the spec updated? |
|
Thanks. There are already 2-3 issues related to this very problem open in the DIDWG so I don't want to add another. I've linked the issues (w3c/did-core#2). Ultimately, we need to develop spec text that will encompass the above conversation, the email from the archive I linked to above, and new text clarifying |
|
Ready to move this issue https://github.com/decentralized-identity/secure-data-store @msporny you should be able to do this now. |
The spec notes the use of JWE, which is also used by DIDComm.
https://digitalbazaar.github.io/encrypted-data-vaults/#example-3-example-encrypted-document
I would like to see concrete examples of supported JWEs, including the key material necessary to decrypt, and compare for interoperability with the DIDComm encrypted envelope format. There is no DIDComm spec yet to point too, but the intention is for the encrypted envelope to be a JWE compliant.
The text was updated successfully, but these errors were encountered: