Re: LD-Signatures from Carlos Bruguera on 2018-10-25 (public-credentials@w3.org from October 2018)

From: Carlos Bruguera <cbruguera@gmail.com>
Date: Thu, 25 Oct 2018 16:07:07 +0700
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: kim@learningmachine.com, Christopher Allen <ChristopherA@lifewithalacrity.com>, rgrant@rgrant.org, dpape@dpape.com, Dave Longley <dlongley@digitalbazaar.com>, dlehn@digitalbazaar.com, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Message-ID: <CAJrRL-G5JaNVZvMffMZAJH_drTJw2u8zTg=9vLV3UpNWVku=Yg@mail.gmail.com>

Greetings everyone, and thanks Manu for your reply. It's perfectly
understandable if you're not available for replying these days, although I
expect anyone else with experience on this matter to give me a hand if
possible.

So, I'm trying to sign and verify JSON-LD data using the *jsonld-signatures*
library. I'm tring to sign using Ethereum private keys, and I assume
*EcdsaKoblitzSignature2016* suite is fitting to my needs. However, I'm
having issues at the moment of verification, the latest error being Address
buffers must be exactly 21 bytes. Now, I follow with a few questions:

1. From what I see on the test code, this suite uses private and public
keys in WIF format, is this the only way to use this suite?
2. Is there a known problem in converting Ethereum keys to WIF format?
Although both Ethereum and Bitcoin keys are based on secp256k1, I've never
seen anyone use WIF in Ethereum context.
3. I'm using the wif npm package <https://www.npmjs.com/package/wif> to
encode my keys into WIF format. Is this a good approach? Example:

const privateKeyWif = wif.encode(128, Buffer(this.privateKey), true)

In summary, I'm not familiar with WIF and I'm assuming it's the only way
EcdsaKoblitzSignature2016 works, yet I'm having trouble that looks like my
parameters are still incompatible with the expected format. The following
is an example of keys being used to test the library:

privateKey =
305c5b3dbfe8e8a322c4deb5abb19d7804b68c69e988b94d2ffb0c75cfb46291
privateKeyWIF = KxwDP5TbbJFvpbHrteeyLvMSPtnpVEAA7Gj1miuEFGgcmP7fRhZ1

publicKey =
04f365220f1614436d292935640b048ab7e590e0840112dc83e5e9e7760ac87971505899ae0f2de9fc35a70c1f8941865b711908cd672eecd1e6b1d75e27902f7c
publicKeyWIF = KxqQzbP6o9YDKKmuFG6zL66NUZWhexCPSYqAmEtMr6D5CSBzRvZr

Any pointers on how to properly use this library with Ethereum addresses is
very welcome. Thanks in advance.

Regards,
Carlos

On Wed, Oct 17, 2018 at 8:48 PM Manu Sporny <msporny@digitalbazaar.com>
wrote:

> On 10/17/2018 05:59 AM, Carlos Bruguera wrote:
> > I write to you in private since I didn't want to pollute the W3C CG
> > list with what might be too technical yet still probably too basic
> > questions with regard to LD signatures. I hope you can help me get
> > more clear on the matter.
>
> +CC: A bunch of people that may have used the JSON-LD Koblitz signature
> stuff...
>
> I suggest you email this to the mailing list... you're more likely to
> get help there.... and people can learn from the discussion.
>
> > Basically, I'm implementing a DID/VCs library that works with ETH
> > addresses as DIDs. I'm assuming I should be able to sign JSON-LD
> > data with Ethereum private keys using the /EcdsaKoblitzSignature2016/
> >  suite on the jsonld-signatures library. Please let me know if this
> > is not the case and I should be using another suite or perhaps
> > jsonld-signatures is not the right fit for my case.
>
> In theory, you should be able to do that. It seems to still be working
> here:
>
> https://json-ld.org/playground-dev/
>
> > I couldn't find any documentation on how to use the library, other
> > than the example provided on the github README file:
> > https://github.com/digitalbazaar/jsonld-signatures ...Are there any
> > other sources/docs that can be useful as a reference?
>
> Nope, unfortunately that particular cryptosuite doesn't have a
> maintainer... although, there isn't much there to maintain AFAICT, it's
> been "working" for the past several years... just no one has updated it.
>
> > I'm currently taking a look at the repo test files in order
> > understand how it's used, but I'm still having some issues while
> > using ETH private keys, that's why I thought I might be using the
> > wrong algorithm for this case or perhaps missing some important piece
> > of knowledge.
>
> What issues are you having?
>
> > Any info or tips regarding ld-signatures is very much appreciated.
> > And thanks beforehand for any response you might have on this
> > matter.
>
> I suggest talking w/ Dave Lehn... he might be able to support.
>
> Also note that emailing me directly will be a crap shoot for the next 3
> weeks. I may or may not respond, most likely because I'm horribly under
> water, in transit, or at conferences that require my full attention.
>
> -- manu
>
> --
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: Veres One Decentralized Identifier Blockchain Launches
> https://tinyurl.com/veres-one-launches
>

Received on Thursday, 25 October 2018 09:07:43 UTC