Light

w3c-ccg / lds-jws2020 Goto Github PK

View Code? Open in Web Editor NEW

13.0 13.0 9.0 4.07 MB

Linked Data Signatures for JWS

Home Page: https://www.w3.org/community/reports/credentials/CG-FINAL-lds-jws2020-20220721/

License: Other

decentralized-identifiers jose json-ld jwe jwk jws linked-data verifiable-credentials

lds-jws2020's Introduction

This repo is now deprecated.

This work has moved to the W3C VCWG, you can open issues, comment on PRs or engage on the latest version here:

https://github.com/w3c/vc-jws-2020

See the W3C Verifiable Credentials Working Group.

Linked Data Signatures for JWS

Interop Test Suite

See JWS-Test-Suite.

See the repo above for links to implementations in Java, Rust and TypeScript.

Security Considerations

You should be aware that some of these curves are not considered safe:

https://safecurves.cr.yp.to/

If you will only ever need to support Ed25519 or only Secp256k1, you should consider using a restricted Linked Data Signature Suite like:

Supported JOSE Algorithms

The expected alg will be determined by the following table.

kty	crvOrSize	signature	keyAgreement	encryption
OKP	Ed25519	EdDSA
OKP	X25519		ECDH	ECDH-ES+A256KW
EC	secp256k1	ES256K	ECDH
RSA	2048	PS256		RSA-OAEP
EC	P-256	ES256	ECDH	ECDH-ES+A256KW
EC	P-384	ES384	ECDH	ECDH-ES+A256KW

Anything else will result in an unsupported alg error.

Suite Details

Per ld-signatures, this Signature Suite defines the following:

{
  "id": "https://w3c-ccg.github.io/lds-jws2020/contexts/#JsonWebSignature2020",
  "type": "SignatureSuite",
  "canonicalizationAlgorithm": "https://w3id.org/security#URDNA2015",
  "digestAlgorithm": "https://tools.ietf.org/html/rfc4634#section-4.2.2",
  "signatureAlgorithm": "https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms"
}

See the Linked Data Signature Suite Vocabulary.

Credits and Support

Works with:

lds-jws2020's People

Contributors

Stargazers

Watchers

Forkers

kdenhartog jacehensley gjgd mingderwang appcoreopc brianorwhatever jeffherb mesur-io decentralgabe

lds-jws2020's Issues

Spec doesn't exist?

I went here expecting to be able to read some sort of spec (as published on the landing page for the repo):

https://w3c-ccg.github.io/lds-jws2020/

It 404's ... where is the spec for this Linked Data Security suite?

Rename repo/types to align with JWS

Please rename the following things in this library:

lds-jose2020 -> lds-jws2020
JoseVerificationKey2020 -> JwsVerificationKey2020
JoseLinkedDataSignature2020 -> JsonWebSignature2020

JOSE stands for "Json Object Signing and Encryption" -- this library doesn't do encryption, it does signatures, and that is the Json Web Signature part of the JOSE stack.

Add Columns for KeyAgreement and Encryption

Similar to the columns defining signature algorithms , can you provide some concrete preferences for x25519 ?

For example: https://github.com/panva/jose-chacha

ECDH-ES+XC20PKW

Suite Error when following example

Time Appropriate Greetings.
Not 100% sure what is causing this issue, but just trying out the example from the readme.md results in the following issue:

suite.ensureSuiteContext({document, addSuiteContext});

Add Test for Integrating with VC-JS

https://github.com/decentralized-identity/lds-ecdsa-secp256k1-2019.js/blob/master/packages/lds-ecdsa-secp256k1-2019-demo/src/App.js#L94

Like so ^

Digest algorithm

Where is the canonical definition of the digest algorithm defined by the vocabulary:

{
  "id": "https://lds.jsld.org/contexts/#JsonWebSignature2020",
  "type": "SignatureSuite",
  "canonicalizationAlgorithm": "https://w3id.org/security#URDNA2015",
  "digestAlgorithm": "https://www.ietf.org/assignments/jwa-parameters#SHA256",
  "signatureAlgorithm": "https://tools.ietf.org/html/rfc7518"
}

https://www.ietf.org/assignments/jwa-parameters#SHA256 is not a valid URL, and JWA does not define message-digest algorithms.

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.