W3C home > Mailing lists > Public > public-credentials@w3.org > March 2021

Re: How to verify the did:key document is authorized by the private key holder ... JWS?

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Thu, 18 Mar 2021 20:56:12 -0400
To: public-credentials@w3.org
Message-ID: <597f350f-6a10-b7f5-4bb9-4923c8976feb@digitalbazaar.com>
On 3/18/21 8:24 PM, Stefan More wrote:
> Thus, there is no need to sign the DID doc by design. Or am I missing
> something?

Correct. did:key DID Documents are purely generative things... if you know the
did:key value, you have everything you need to:

1) Generate the DID Document, and
2) Verify that any signature created by that did:key was
   generated by the controller of that key.

In other words, this is a cryptographic public key:


and that's all you need to verify a signature. It's the simplest and easiest
to use type a DID.

As a related aside... all off-ledger Veres One DIDs share this same property
(and are effectively did:keys).

-- manu

Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches
Received on Friday, 19 March 2021 00:56:27 UTC

This archive was generated by hypermail 2.4.0 : Friday, 19 March 2021 00:56:28 UTC