- From: Henry Story <henry.story@gmail.com>
- Date: Sat, 27 Mar 2021 18:26:26 +0100
- To: Manu Sporny <msporny@digitalbazaar.com>, Credentials CG <public-credentials@w3.org>
- Message-Id: <8D6B1E80-18F1-4443-9EB4-B141D1DBCFC6@gmail.com>
> On 25 Mar 2021, at 19:25, Henry Story <henry.story@gmail.com> wrote:
>
>>>
>>> If there were an agreed on crypto ontology that would be easy to put
>>> together. Is there one yet?
>>
>> There is a Security ontology that this community uses and maintains here:
>>
>> https://w3id.org/security
>
> Ah thanks.
Studying that, I think something like the following very minimal
JSON-LD could do for the `keyId` document.
{
  "@context": [
    "https://w3id.org/security/v1",
    { "ex": "http://example.org/vocab#" }
  ],
  "id": "#hs",
  "controller": "/people/henry#i",
  "publicKeyJwk": {
    "kty": "RSA",
    "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
    "e": "AQAB",
    "alg": "PS512",
    "kid": "2011-04-29"
  }
}
Essentially, reading the RFCs, I think the "alg" gives us all that is needed as PS512
covers just RSA and SHA512 signatures. It is easy to make mistakes here though.
I wrote up references to RFCs and the equivalent Turtle representation here:
https://github.com/solid/authentication-panel/issues/156#issuecomment-808727508
>
>>
>>> Otherwise how could I encode this info in a way that would be somewhat
>>> acceptable? Is there a name for such a pair?
>>
>> Looking a key up by hash is a curious choice when you could just use a URL?
>
> (Not sure why you think I was suggesting to look it up by hash?)
>
> Ah, perhaps you are thinking of <#k> and <#kh> ?
> I meant of course that the following <#k> and <#kh> be relative
> URLs to the base document in which they are placed. So if this
> is located at <https://alice.name/keys>
>
> <#kh> :uses <#k>;
>       :with cert:Sha512 .
>
> <#k> a cert:RSAPublicKey;
>      cert:modulus "00cb24ed85d64d794b..."^^xsd:hexBinary;
>      cert:exponent 65537 .
>
> ( Can I express this with the security ontology? )
>
> then the keyID of an HttpSig Message could contain either one of
>
>
> 1. if we allow relative URLs, (Alice accessing her own POD):
>
> GET /comments/ HTTP/1.1
> Authorization: HttpSig signed="sig1"
> Signature-Input: sig1=(); keyId="</keys#kh>"; created=1402170695
> Signature: sig1=:cxieW5ZKV9R9A70+Ua1A/1FCvVayuE6Z77wDGNVFSiluSzR9TYFV
> vwUjeU6CTYUdbOByGMCee5q1eWWUOM8BIH04Si6VndEHjQVdHqshAtNJk2Quzs6WC
> 2DkV0vysOhBSvFZuLZvtCmXRQfYGTGhZqGwq/AAmFbt5WNLQtDrEe0ErveEKBfaz+
> IJ35zhaj+dun71YZ82b/CRfO6fSSt8VXeJuvdqUuVPWqjgJD4n9mgZpZFGBaDdPiw
> pfbVZHzcHrumFJeFHWXH64a+c5GN+TWlP8NPg2zFdEc/joMymBiRelq236WGm5VvV
> 9a22RW2/yLmaU/uwf9v40yGR/I1NRA==:
>
>
> 2. we can send a full URL, (perhaps if Alice goes to a different POD)
>
> GET /comments/ HTTP/1.1
> Authorization: HttpSig
> Signature-Input: sig1=(); keyId="<https://alice.name/keys#kh>"; created=1402170695
> Signature: sig1=:cxie...:
>
>
> 3. IDEALLY, if the P2P Extension to HTTP is used, the client could send
> a relative URL pointing to itself, which the server could GET by
> switching roles.
>
> GET /comments/ HTTP/1.1
> Authorization: HttpSig
> Signature-Input: sig1=(); keyId=">/keys#kh<"; created=1402170695
> Signature: sig1=:.....:
Received on Saturday, 27 March 2021 17:27:42 UTC
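
An added example, not part of the original message and not code from any of the specifications it mentions: Python that resolves the three keyId forms shown above against the request URL and takes the verification scheme from the fetched key document's "alg" rather than from the request. The function names, the parsing of the `<...>` and `>...<` brackets and the comparison against the compact-form "id" are assumptions of this example; the sample key document is constructed.

```python
import re
from urllib.parse import urljoin, urldefrag

# RFC 7518 section 3.5: JWS "alg" -> (required JWK "kty", scheme, hash).
ALG_TABLE = {
    "PS256": ("RSA", "RSASSA-PSS", "SHA-256"),
    "PS384": ("RSA", "RSASSA-PSS", "SHA-384"),
    "PS512": ("RSA", "RSASSA-PSS", "SHA-512"),
}
KEYID_RE = re.compile(r'keyId="([<>])([^<>"\s]+)([<>])"')

# Constructed sample key document; "n" is a placeholder, not a real modulus.
SAMPLE_KEY_DOC = {
    "id": "#kh",
    "controller": "/people/alice#i",
    "publicKeyJwk": {"kty": "RSA", "n": "PLACEHOLDER", "e": "AQAB", "alg": "PS512"},
}

def resolve_key_id(signature_input, request_url):
    """Return (document, fragment, side) for the keyId in a Signature-Input value."""
    m = KEYID_RE.search(signature_input)
    if not m:
        raise ValueError("no bracketed keyId parameter")
    opener, ref, closer = m.groups()
    if (opener, closer) == ("<", ">"):
        # Forms 1 and 2: relative or absolute URL the server dereferences itself.
        doc, frag = urldefrag(urljoin(request_url, ref))
        return doc, frag, "server"
    if (opener, closer) == (">", "<"):
        # Form 3: relative to the client, reachable only via the P2P role switch.
        doc, frag = urldefrag(ref)
        return doc, frag, "client"
    raise ValueError("mismatched keyId brackets")

def verification_params(key_doc, fragment):
    """Choose scheme and hash from the fetched key document, not from the request."""
    if key_doc.get("id") != "#" + fragment:
        raise ValueError("document does not describe #" + fragment)
    jwk = key_doc.get("publicKeyJwk", {})
    entry = ALG_TABLE.get(jwk.get("alg"))
    if entry is None:
        raise ValueError("missing or unsupported alg")
    kty, scheme, digest = entry
    if jwk.get("kty") != kty or not jwk.get("n") or not jwk.get("e"):
        raise ValueError("alg does not fit the key material")
    return scheme, digest
```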