W3C home > Mailing lists > Public > public-credentials@w3.org > May 2017

Signature format for Verified Credentials

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Sun, 7 May 2017 07:36:08 +0200
To: W3C Credentials Community Group <public-credentials@w3.org>
Message-ID: <ea29facd-1c27-5ace-0137-282cf30f6230@gmail.com>
Before you decide on signature format I suggest that you evaluate an alternative which:
- Builds on ES6 serialization making JSON.stringify() and JSON.parse() the only "algorithms" needed for canonicalization
- Supports a subset of the JOSE signature algorithms (JWA)
- Supports a subset of the JOSE key descriptor (JWK)
- Does not shroud data or headers in Base64

{
     "firstName": "Luke",
     "familyName": "Skywalker",
     "origin": "Alderaan",
     "signature": {
         "algorithm": "ES256",
         "publicKey": {
             "kty": "EC",
             "crv": "P-256",
             "x": "vlYxD4dtFJOp1_8_QUcieWCW-4KrLMmFL2rpkY1bQDs",
             "y": "fxEF70yJenP3SPHM9hv-EnvhG6nXr3_S-fDqoj-F6yM"
         },
         "value": "Y3Y_O0500a2S2qt11Wx7SxPtIw_hcwMwTOkCaxXKgSgnGXRvSt_96a3Daq0jzqf2ROFvPIiAWGIVtKWxtPMPuw"
     }
}

On-line testing: https://mobilepki.org/jcs
Specification: https://cyberphone.github.io/doc/security/jcs.html
Code: https://github.com/cyberphone/openkeystore
Received on Sunday, 7 May 2017 05:36:44 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:37 UTC