Re: json-ld signatures with Ed25519VerificationKey2018

On 6/2/20 10:23 PM, Nikos Fotiou wrote:
> Hi all,
> I am experimenting with json-ld signatures, using digital bazaar's library 
> https://github.com/digitalbazaar/jsonld-signatures
> 
> I notice when this algorithm is used Ed25519VerificationKey2018 the library
> crates a jwt with the following header:
> header = {
>     "alg": "EdDSA",
>     "b64": False,
>     "crit": ["b64"]
> }
> I am struggling to understand what is this header and why is there. Anybody?

The signature value for Ed25519Signature2018 is a detached JWS on an
unencoded payload (no base64 encoding applied). Since the value is a
JWS, this includes a header -- and since it is an EdDSA signature over
an unencoded payload, the above parameters are expressed.

See: https://tools.ietf.org/html/rfc7797#page-7

An effort was made with the Ed25519Signature2018 and RsaSignature2018
signature suites to get more alignment with JWS -- and expressing the
signature value as a JWS in this manner is the outcome of that.


-- 
Dave Longley
CTO
Digital Bazaar, Inc.

Received on Wednesday, 3 June 2020 14:10:35 UTC