This repo is now deprecated.

This work has moved to the W3C VCWG, you can open issues, comment on PRs or engage on the latest version here:

• https://github.com/w3c/vc-jws-2020

See the W3C Verifiable Credentials Working Group.

Linked Data Signatures for JWS

View On Github

• View Linked Data Signature Suite Vocabulary
• View Linked Data Signature Suite Context

Interop Test Suite

• See JWS-Test-Suite.

See the repo above for links to implementations in Java, Rust and TypeScript.

Security Considerations

You should be aware that some of these curves are not considered safe:

• https://safecurves.cr.yp.to/

If you will only ever need to support Ed25519 or only Secp256k1, you should consider using a restricted Linked Data Signature Suite like:

• Ed25519Signature2018

• EcdsaSecp256k1Signature2019

Supported JOSE Algorithms

The expected alg will be determined by the following table.

kty	crvOrSize	signature	keyAgreement	encryption
OKP	Ed25519	EdDSA
OKP	X25519		ECDH	ECDH-ES+A256KW
EC	secp256k1	ES256K	ECDH
RSA	2048	PS256		RSA-OAEP
EC	P-256	ES256	ECDH	ECDH-ES+A256KW
EC	P-384	ES384	ECDH	ECDH-ES+A256KW

Anything else will result in an unsupported alg error.

Suite Details

Per ld-signatures, this Signature Suite defines the following:

{
  "id": "https://w3c-ccg.github.io/lds-jws2020/contexts/#JsonWebSignature2020",
  "type": "SignatureSuite",
  "canonicalizationAlgorithm": "https://w3id.org/security#URDNA2015",
  "digestAlgorithm": "https://tools.ietf.org/html/rfc4634#section-4.2.2",
  "signatureAlgorithm": "https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms"
}

See the Linked Data Signature Suite Vocabulary.

Credits and Support

Works with:

• jose
• universal-resolver
• jsonld-signatures
• @digitalbazaar/vc
• @transmute/json-web-signature
• @transmute/vc.js
• ssi
• DIDKit