- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Sun, 7 May 2017 07:36:08 +0200
- To: W3C Credentials Community Group <public-credentials@w3.org>
Before you decide on signature format I suggest that you evaluate an alternative which:
- Builds on ES6 serialization making JSON.stringify() and JSON.parse() the only "algorithms" needed for canonicalization
- Supports a subset of the JOSE signature algorithms (JWA)
- Supports a subset of the JOSE key descriptor (JWK)
- Does not shroud data or headers in Base64
{
"firstName": "Luke",
"familyName": "Skywalker",
"origin": "Alderaan",
"signature": {
"algorithm": "ES256",
"publicKey": {
"kty": "EC",
"crv": "P-256",
"x": "vlYxD4dtFJOp1_8_QUcieWCW-4KrLMmFL2rpkY1bQDs",
"y": "fxEF70yJenP3SPHM9hv-EnvhG6nXr3_S-fDqoj-F6yM"
},
"value": "Y3Y_O0500a2S2qt11Wx7SxPtIw_hcwMwTOkCaxXKgSgnGXRvSt_96a3Daq0jzqf2ROFvPIiAWGIVtKWxtPMPuw"
}
}
On-line testing: https://mobilepki.org/jcs
Specification: https://cyberphone.github.io/doc/security/jcs.html
Code: https://github.com/cyberphone/openkeystore
Received on Sunday, 7 May 2017 05:36:44 UTC