Always use JsonWebKey for verification methods (alt 3) #33

Merged
merged 1 commit into from
Sep 24, 2023
77 changes: 62 additions & 15 deletions spec/diddocuments.md
Expand Up @@ -149,7 +149,7 @@ For example, the key `DFkI8OSUd9fnmdDM7wz9o6GT_pJIvw1K_S21AKZg4VwK` in the DID d
```

##### Ed25519
Ed25519 public keys must be converted to a verification method with a type of `Ed25519VerificationKey2020` with a cooresponding `publicKeyMultibase` field whose value is generated by decoding the CESR representation of the public key out of the KEL into its binary form and re-encoding is as multibase. For example, a KERI AID with only the following inception event in its KEL:
Ed25519 public keys must be converted to a verification method with a type of `JsonWebKey` and `publicKeyJwk` property whose value is generated by decoding the CESR representation of the public key out of the KEL and into its binary form (minus the leading 'B' or 'D' CESR codes) and generating the corresponding representation of the key in JSON Web Key form. For example, a KERI AID with only the following inception event in its KEL:

```json
{
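Review bot: The parenthetical "(minus the leading 'B' or 'D' CESR codes)" in the new Ed25519 sentence is attached to "its binary form", but 'B' and 'D' are characters of the text encoding, so the sentence does not say at which stage they are removed. Spell the steps out in order (decode the qualified key, discard what the code contributes, use the remaining 32 bytes as `x`) and name the JWK members to emit (`kid`, `kty`, `crv`, `x`), since "the corresponding representation" leaves them to the example. The phrase "and `publicKeyJwk` property" also needs an article: "and a `publicKeyJwk` property". The replaced sentence's typos ("cooresponding", "re-encoding is as") are gone, which is good.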
Expand All @@ -162,7 +162,7 @@ Ed25519 public keys must be converted to a verification method with a type of `E
"k": [
"DFkI8OSUd9fnmdDM7wz9o6GT_pJIvw1K_S21AKZg4VwK",
]
// ...
// ...
}
```

Expand All @@ -171,18 +171,55 @@ would result in a DID document with the following verification methods array:
```json
"verificationMethod": [
{
"id": "did:webs:example.com:EDP1vHcw_wc4M__Fj53-cJaBnZZASd-aMTaSyWEQ-PC2#DFkI8OSUd9fnmdDM7wz9o6GT_pJIvw1K_S21AKZg4VwK",
"type": "Ed25519VerificationKey2020",
"id": "#DFkI8OSUd9fnmdDM7wz9o6GT_pJIvw1K_S21AKZg4VwK",
"type": "JsonWebKey",
"controller": "did:webs:example.com:EDP1vHcw_wc4M__Fj53-cJaBnZZASd-aMTaSyWEQ-PC2",
"publicKeyMultibase": "zFC8PE5Ney3ScmNawy1e1bzXJZQmN7ENGDRy1iPuBPUtr"
"publicKeyJwk": {
"kid": "DFkI8OSUd9fnmdDM7wz9o6GT_pJIvw1K_S21AKZg4VwK",
"kty": "OKP",
"crv": "Ed25519",
"x": "FkI8OSUd9fnmdDM7wz9o6GT_pJIvw1K_S21AKZg4VwI"
}
}
]
```

##### Secp256k1
Secp256k1 public keys must be converted to a verification method with a type of `EcdsaSecp256k1VerificationKey2019` with a cooresponding `publicKeyJwk` field whose value is generated by decoding the CESR representation of the public key out of the KEL and into its binary form and generating the mapping representation of the key in JSON Web Key form.
Secp256k1 public keys must be converted to a verification method with a type of `JsonWebKey` and `publicKeyJwk` property whose value is generated by decoding the CESR representation of the public key out of the KEL and into its binary form (minus the leading '1AAA' or '1AAB' CESR codes) and generating the corresponding representation of the key in JSON Web Key form. For example, a KERI AID with only the following inception event in its KEL:

```json
{
"v": "KERI10JSON0001ad_",
"t": "icp",
"d": "EDP1vHcw_wc4M__Fj53-cJaBnZZASd-aMTaSyWEQ-PC2",
"i": "EDP1vHcw_wc4M__Fj53-cJaBnZZASd-aMTaSyWEQ-PC2",
"s": "0",
"kt": 1,
"k": [
"1AAAAmbFVu-Wf8NCd63B9V0zsy7EgB_ocX2_n_Nh1FCmgF0Y",
]
// ...
}
```

TODO: Add example of Secp256k1 key in a KEL and the resultant verification method
would result in a DID document with the following verification methods array:

```json
"verificationMethod": [
{
"id": "#1AAAAmbFVu-Wf8NCd63B9V0zsy7EgB_ocX2_n_Nh1FCmgF0Y",
"type": "JsonWebKey",
"controller": "did:webs:example.com:EDP1vHcw_wc4M__Fj53-cJaBnZZASd-aMTaSyWEQ-PC2",
"publicKeyJwk": {
"kid": "1AAAAmbFVu-Wf8NCd63B9V0zsy7EgB_ocX2_n_Nh1FCmgF0Y",
"kty": "EC",
"crv": "secp256k1",
"x": "ZsVW75Z_w0J3rcH1XTOzLsSAH-hxfb-Q82HUUKaAXRg",
"y": "Lu6Uw785U3K05D-NPNoUInHPNUz9cGqWwjKjm5KL8FI"
}
}
]
```

#### Verification Relationships
KERI AID public keys can be used to sign a variety of data. This includes but is not limited to logging into a website, challenge-response exchanges and credential issuances. It follows that for each public key in `k` two verification relationships must be generated in the DID document. One verification relationship of type `authentication` and one verification relationship of type `assertionMethod`. The `authentication` verification relationship defines that the DID controller can authenticate using each key and the `assertionMethod` verification relationship defines that the DID controller can express claims with each key (should we address multisig and thresholds here?).
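Review bot: The Ed25519 `x` in the first `publicKeyJwk` is the `kid` string with its first character removed and its last character changed (`...Z4VwK` becomes `...Z4VwI`), which is a trim of the CESR text rather than the binary decode the prose describes. In CESR the one-character code stands in for a lead pad byte, so the 32 key bytes are not aligned with the remaining 43 characters; decode the full 44-character string, drop the lead byte, and base64url-encode the 32 bytes that remain. The new Secp256k1 example does not show this pattern (its `x` is not a substring of the `kid`), so the two examples currently follow different procedures. For Secp256k1, the 44 characters after `1AAA` decode to 33 bytes while the JWK carries separate 32-byte `x` and `y`, so the prose should state that the decoded value is a compressed point that must be expanded to obtain `y`. The new inception event also repeats the trailing comma inside `"k"` and the `// ...` line under a `json` fence, so it is not valid JSON as written.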
Expand Down Expand Up @@ -407,27 +444,37 @@ Resulting DID document:
"verificationMethod": [
{
"id": "#1AAAAg299p5IMvuw71HW_TlbzGq5cVOQ7bRbeDuhheF-DPYk",
"type": "EcdsaSecp256k1VerificationKey2019",
"type": "JsonWebKey",
"controller": "did:webs:example.com:Ew-o5dU5WjDrxDBK4b4HrF82_rYb6MX6xsegjq4n0Y7M",
"publicKeyJwk": {
"kid": "1AAAAg299p5IMvuw71HW_TlbzGq5cVOQ7bRbeDuhheF-DPYk",
"kty": "EC",
"crv": "secp256k1",
"x": "NtngWpJUr-rlNNbs0u-Aa8e16OwSJu6UiFf0Rdo1oJ4",
"y": "qN1jKupJlFsPFc1UkWinqljv4YE0mq_Ickwnjgasvmo",
"kty": "EC",
"kid": "WjKgJV7VRw3hmgU6--4v15c0Aewbcvat1BsRFTIqa5Q"
"y": "qN1jKupJlFsPFc1UkWinqljv4YE0mq_Ickwnjgasvmo"
}
},
{
"id": "#DA-vW9ynSkvOWv5e7idtikLANdS6pGO2IHJy7v0rypvE",
"type": "Ed25519VerificationKey2020",
"type": "JsonWebKey",
"controller": "did:webs:example.com:Ew-o5dU5WjDrxDBK4b4HrF82_rYb6MX6xsegjq4n0Y7M",
"publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
"publicKeyJwk": {
"kid": "DA-vW9ynSkvOWv5e7idtikLANdS6pGO2IHJy7v0rypvE",
"kty": "OKP",
"crv": "Ed25519",
"x": "A-vW9ynSkvOWv5e7idtikLANdS6pGO2IHJy7v0rypvE"
}
},
{
"id": "#DLWJrsKIHrrn1Q1jy2oEi8Bmv6aEcwuyIqgngVf2nNwu",
"type": "Ed25519VerificationKey2020",
"type": "JsonWebKey",
"controller": "did:webs:example.com:Ew-o5dU5WjDrxDBK4b4HrF82_rYb6MX6xsegjq4n0Y7M",
"publicKeyMultibase": "zDqYpw38nznAUJeeFdhKBQutRKpyDXeXxxi1HjYUQXLas"
"publicKeyJwk": {
"kid": "DLWJrsKIHrrn1Q1jy2oEi8Bmv6aEcwuyIqgngVf2nNwu",
"kty": "OKP",
"crv": "Ed25519",
"x": "LWJrsKIHrrn1Q1jy2oEi8Bmv6aEcwuyIqgngVf2nNws"
}
}
],
"authentication": [
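Review bot: Both Ed25519 entries set `x` to the `kid` minus its first character (in the third entry the last character also changes, `...2nNwu` to `...2nNws`), so these values come from trimming the CESR text instead of decoding it; recompute `x` from the 32 decoded key bytes. In the first entry `kid` now names the CESR key while `x` is carried over unchanged and `y` only loses its trailing comma; regenerate both coordinates from the key in `id` so that `id`, `kid`, `x` and `y` all describe the same key. Since `kid` previously held a different value (`WjKgJV7V...`), the spec text should say that `kid` is the CESR-encoded key so implementers do not substitute a thumbprint.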