Re: Regarding Multiple signature schemes from Orie Steele on 2019-09-16 (public-credentials@w3.org from September 2019)

From: Orie Steele <orie@transmute.industries>
Date: Mon, 16 Sep 2019 11:01:34 -0500
To: sethi shivam <sethishivam27@gmail.com>
Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>, "W3C Digital Verification CG (Public List)" <public-digital-verification@w3.org>
Message-ID: <CAN8C-_KOfsb_x_SbSwhfuS2NQ1uDLT5_urYE1vdUMhF5X=-8eA@mail.gmail.com>

Excellent question.

1st, DID Documents are JSON-LD, so there is a context like:

https://gist.github.com/OR13/8af67a0055a4b093bf7ecd9e7f3d92dc

For the public key type to be valid it needs to be defined somewhere in:

"@context": [
    "https://schema.org/",
    "https://w3id.org/security/v1",
    "https://w3id.org/did/v1"
  ]

If the context does not define your public key type, JSON-LD handling of
your DID Document will be incorrect.

In the example I provided the following public key types are NOT supported:
publicKeyHex, publicKeyJwk, publicKeyPgp.

You can resolve this issue by opening pull requests to get them added,
hosting your own JSON-LD context which defines them, or using a
documentLoader to fake their existence in an existing context like
https://w3id.org/did/v1...

Assuming that you have solved this first challenge.

Next you need to decide if you are using JOSE or JSON-LD.

If you are using JOSE then you are responsible for using a resolver to
obtain the correct public key, ensuring its in the correct format, possibly
by converting it first, and then verifying / signing with it.

Same goes for JSON-LD, but you probably just want to use a library to do
all of this for you:

I wrote this a little while ago to try and clarify these exact issues for
secp256k1:
https://github.com/decentralized-identity/lds-ecdsa-secp256k1-2019.js

Here is a demo of verifying both JSON-LD and JWS:
https://identity.foundation/lds-ecdsa-secp256k1-2019.js/demo/

If you only care about JSON-LD, this library is probably a better place to
get the hang of this: https://github.com/digitalbazaar/jsonld-signatures

OS

On Mon, Sep 16, 2019 at 8:15 AM sethi shivam <sethishivam27@gmail.com>
wrote:

> Hi Team,
>
> I have a query.
>
> Currently I am using ED25519  algo for Key/pair generation ,but  someone
> told me that we can use multiple keygen algorithms to generate different
> types of keys
>
> and a DID document can have multiple public keys of different types like
> (RSA,secp256k1, and ed15519)
>
> so that means a did is referring a did document which has multiple public
> keys generated by Different algorithms.
> so,we have multiple private keys also ...
>
> I am a bit confused , How is this working out . Please help
>
>
>
> Thanks and Regards
> Sethi Shivam
>

-- 
*ORIE STEELE*
Chief Technology Officer
www.transmute.industries

<https://www.transmute.industries>

Received on Monday, 16 September 2019 16:02:08 UTC