Re: LD-Signatures from Carlos Bruguera on 2018-11-05 (public-credentials@w3.org from November 2018)

From: Carlos Bruguera <cbruguera@gmail.com>
Date: Mon, 5 Nov 2018 12:21:40 +0700
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: kim@learningmachine.com, Christopher Allen <ChristopherA@lifewithalacrity.com>, Ryan Grant <rgrant@rgrant.org>, dpape@dpape.com, Dave Longley <dlongley@digitalbazaar.com>, dlehn@digitalbazaar.com, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Message-ID: <CAJrRL-G2eueLK01fLbHyN5vkLSqs-gWrQs5hsKnwmWSOkUY=cQ@mail.gmail.com>

Hello,

Is there anyone who can point me in the right direction on this matter? I'd
highly appreciate it.

Thanks,
Carlos

On Thu, Oct 25, 2018 at 4:07 PM Carlos Bruguera <cbruguera@gmail.com> wrote:

> Greetings everyone, and thanks Manu for your reply. It's perfectly
> understandable if you're not available for replying these days, although I
> expect anyone else with experience on this matter to give me a hand if
> possible.
>
> So, I'm trying to sign and verify JSON-LD data using the
> *jsonld-signatures* library. I'm tring to sign using Ethereum private
> keys, and I assume *EcdsaKoblitzSignature2016* suite is fitting to my
> needs. However, I'm having issues at the moment of verification, the latest
> error being Address buffers must be exactly 21 bytes. Now, I follow with
> a few questions:
>
> 1. From what I see on the test code, this suite uses private and public
> keys in WIF format, is this the only way to use this suite?
> 2. Is there a known problem in converting Ethereum keys to WIF format?
> Although both Ethereum and Bitcoin keys are based on secp256k1, I've never
> seen anyone use WIF in Ethereum context.
> 3. I'm using the wif npm package <https://www.npmjs.com/package/wif> to
> encode my keys into WIF format. Is this a good approach? Example:
>
> const privateKeyWif = wif.encode(128, Buffer(this.privateKey), true)
>
> In summary, I'm not familiar with WIF and I'm assuming it's the only way
> EcdsaKoblitzSignature2016 works, yet I'm having trouble that looks like my
> parameters are still incompatible with the expected format. The following
> is an example of keys being used to test the library:
>
> privateKey =
> 305c5b3dbfe8e8a322c4deb5abb19d7804b68c69e988b94d2ffb0c75cfb46291
> privateKeyWIF = KxwDP5TbbJFvpbHrteeyLvMSPtnpVEAA7Gj1miuEFGgcmP7fRhZ1
>
> publicKey =
> 04f365220f1614436d292935640b048ab7e590e0840112dc83e5e9e7760ac87971505899ae0f2de9fc35a70c1f8941865b711908cd672eecd1e6b1d75e27902f7c
> publicKeyWIF = KxqQzbP6o9YDKKmuFG6zL66NUZWhexCPSYqAmEtMr6D5CSBzRvZr
>
> Any pointers on how to properly use this library with Ethereum addresses
> is very welcome. Thanks in advance.
>
> Regards,
> Carlos
>
> On Wed, Oct 17, 2018 at 8:48 PM Manu Sporny <msporny@digitalbazaar.com>
> wrote:
>
>> On 10/17/2018 05:59 AM, Carlos Bruguera wrote:
>> > I write to you in private since I didn't want to pollute the W3C CG
>> > list with what might be too technical yet still probably too basic
>> > questions with regard to LD signatures. I hope you can help me get
>> > more clear on the matter.
>>
>> +CC: A bunch of people that may have used the JSON-LD Koblitz signature
>> stuff...
>>
>> I suggest you email this to the mailing list... you're more likely to
>> get help there.... and people can learn from the discussion.
>>
>> > Basically, I'm implementing a DID/VCs library that works with ETH
>> > addresses as DIDs. I'm assuming I should be able to sign JSON-LD
>> > data with Ethereum private keys using the /EcdsaKoblitzSignature2016/
>> >  suite on the jsonld-signatures library. Please let me know if this
>> > is not the case and I should be using another suite or perhaps
>> > jsonld-signatures is not the right fit for my case.
>>
>> In theory, you should be able to do that. It seems to still be working
>> here:
>>
>> https://json-ld.org/playground-dev/
>>
>> > I couldn't find any documentation on how to use the library, other
>> > than the example provided on the github README file:
>> > https://github.com/digitalbazaar/jsonld-signatures ...Are there any
>> > other sources/docs that can be useful as a reference?
>>
>> Nope, unfortunately that particular cryptosuite doesn't have a
>> maintainer... although, there isn't much there to maintain AFAICT, it's
>> been "working" for the past several years... just no one has updated it.
>>
>> > I'm currently taking a look at the repo test files in order
>> > understand how it's used, but I'm still having some issues while
>> > using ETH private keys, that's why I thought I might be using the
>> > wrong algorithm for this case or perhaps missing some important piece
>> > of knowledge.
>>
>> What issues are you having?
>>
>> > Any info or tips regarding ld-signatures is very much appreciated.
>> > And thanks beforehand for any response you might have on this
>> > matter.
>>
>> I suggest talking w/ Dave Lehn... he might be able to support.
>>
>> Also note that emailing me directly will be a crap shoot for the next 3
>> weeks. I may or may not respond, most likely because I'm horribly under
>> water, in transit, or at conferences that require my full attention.
>>
>> -- manu
>>
>> --
>> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
>> Founder/CEO - Digital Bazaar, Inc.
>> blog: Veres One Decentralized Identifier Blockchain Launches
>> https://tinyurl.com/veres-one-launches
>>
>

Received on Monday, 5 November 2018 05:22:17 UTC