Re: New JSON-LD digital signature library for Javascript (browsers and node.js) from Melvin Carvalho on 2014-12-09 (public-credentials@w3.org from December 2014)

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Tue, 9 Dec 2014 03:16:53 +0100
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: Credentials Community Group <public-credentials@w3.org>
Message-ID: <CAKaEYhKPf3b+3WdzX1=QDOgNp8mnWy+PDuDbDdOdukizHJczbQ@mail.gmail.com>

On 9 December 2014 at 02:46, Manu Sporny <msporny@digitalbazaar.com> wrote:

> On 12/08/2014 04:40 AM, Melvin Carvalho wrote:
> > On 8 December 2014 at 04:31, Manu Sporny <msporny@digitalbazaar.com
> > <mailto:msporny@digitalbazaar.com>> wrote:
> >
> > Digital Bazaar has just released a convenience library for creating
> > and verifying JSON-LD Signatures in Javascript in the browser and in
> >  node.js:
> >
> > https://github.com/digitalbazaar/jsonld-signatures/
> >
> > Awesome!
> >
> > I'm right it only works with RSA keys right now, e.g. not with
> > bitcoin ECC?
>
> Yes, PEM encoded RSA keys only at the moment, I think. I think we can
> also read in ECDSA keys, but don't know if we support the signature
> portion in forge (which is used browser-side to do signatures). No
> Bitcoin ECC yet (but would be interested in adding it if there were both
> a node.js and browser implementation of signing and verifying Bitcoin
> ECC signatures). Do you know of any?
>

Not a problem, it's just that I had to dive into the code to find out that
RSA was the only PEM supported, perhaps a message in the comment is all I
suggest.


>
> > Slight nit pick:  perhaps the graph signature 2012 URL could be a
> > default option?
>
> Well, it's the only option at present, so I guess that makes it the
> default. :P
>
> What were you thinking? Happy to change the API to match what you're
> thinking about.
>

As above, perhaps in the options it has a field you can add, but 2012 is
the default.  Not a big issue at all.


>
> > Three things I'd love to see as convenience functions:
> >
> > 1. Normalize -- Done 2. Signing -- Done 3. Hash content into ID, so
> > that blank nodes can easily be replaced with a URI (I'd suggest
> > ni:///sha256;<base64urlhash>
>
> We're using your suggestion for ni:/// hashes elsewhere, I don't really
> see an issue w/ adding a convenience method for it. Make sure to read
> Dave Longley's email on why it may not make sense to use them as
> resource IDs (I don't have a strong opinion on the matter).
>
> If you feel strongly about #3, please open a feature request via the
> issue tracker ( and be the very first issue in the queue! :P ):
>
> https://github.com/digitalbazaar/jsonld-signatures/issues
>

OK! :)


>
> -- manu
>
> --
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: The Marathonic Dawn of Web Payments
> http://manu.sporny.org/2014/dawn-of-web-payments/
>

Received on Tuesday, 9 December 2014 02:17:21 UTC