
Re: Crypto ontology?

From: Henry Story <henry.story@gmail.com>
Date: Sat, 27 Mar 2021 18:26:26 +0100
To: Manu Sporny <msporny@digitalbazaar.com>, Credentials CG <public-credentials@w3.org>
Message-Id: <8D6B1E80-18F1-4443-9EB4-B141D1DBCFC6@gmail.com>


> On 25 Mar 2021, at 19:25, Henry Story <henry.story@gmail.com> wrote:
> 
>>> 
>>> If there were an agreed-on crypto ontology that would be easy to put
>>> together. Is there one yet?
>> 
>> There is a Security ontology that this community uses and maintains here:
>> 
>> https://w3id.org/security
> 
> Ah thanks.

Studying that, I think something like the following very minimal
JSON-LD could do for the `keyId` document.

{
  "@context": [
    "https://w3id.org/security/v1",
    { "ex": "http://example.org/vocab#" }
  ],
  "id": "#hs",
  "controller": "/people/henry#i",
  "publicKeyJwk": {
    "kty": "RSA",
    "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
    "e": "AQAB",
    "alg": "PS512",
    "kid": "2011-04-29"
  }
}

Essentially, reading the RFCs, I think the "alg" gives us all that is needed, as PS512
covers just RSA and SHA512 signatures. It is easy to make mistakes here, though.

I wrote up references to RFCs and the equivalent Turtle representation here:
https://github.com/solid/authentication-panel/issues/156#issuecomment-808727508
> 
>> 
>>> Otherwise how could I encode this info in a way that would be somewhat
>>> acceptable? Is there a name for such a pair?
>> 
>> Looking a key up by hash is a curious choice when you could just use a URL?
> 
> (Not sure why you think I was suggesting to look it up by hash?)
> 
> Ah, perhaps you are thinking of <#k> and <#kh> ?
> I meant of course that the following <#k> and <#kh> be relative
> URLs to the base document in which they are placed. So if this
> is located at <https://alice.name/keys>
> 
> <#kh> :uses <#k>;
>     :with cert:Sha512 .
> 
> <#k>  a cert:RSAPublicKey;
>    cert:modulus "00cb24ed85d64d794b..."^^xsd:hexBinary;
>    cert:exponent 65537 .
> 
> ( Can I express this with the security ontology? )
> 
> then the keyID of an HttpSig Message could contain either one of
> 
> 
> 1. if we allow relative URLs, (Alice accessing her own POD):
> 
> GET /comments/ HTTP/1.1
> Authorization: HttpSig signed="sig1"
> Signature-Input: sig1=(); keyId="</keys#kh>"; created=1402170695
> Signature: sig1=:cxieW5ZKV9R9A70+Ua1A/1FCvVayuE6Z77wDGNVFSiluSzR9TYFV
>       vwUjeU6CTYUdbOByGMCee5q1eWWUOM8BIH04Si6VndEHjQVdHqshAtNJk2Quzs6WC
>       2DkV0vysOhBSvFZuLZvtCmXRQfYGTGhZqGwq/AAmFbt5WNLQtDrEe0ErveEKBfaz+
>       IJ35zhaj+dun71YZ82b/CRfO6fSSt8VXeJuvdqUuVPWqjgJD4n9mgZpZFGBaDdPiw
>       pfbVZHzcHrumFJeFHWXH64a+c5GN+TWlP8NPg2zFdEc/joMymBiRelq236WGm5VvV
>       9a22RW2/yLmaU/uwf9v40yGR/I1NRA==:
> 
> 
> 2. we can send a full URL, (perhaps if Alice goes to a different POD)
> 
> GET /comments/ HTTP/1.1
> Authorization: HttpSig
> Signature-Input: sig1=(); keyId="<https://alice.name/keys#kh>"; created=1402170695
> Signature: sig1=:cxie...:
> 
> 
> 3. IDEALLY, if the P2P Extension to HTTP is used, the client could send
> a relative URL pointing to itself, which the server could GET by
> switching roles.
> 
> GET /comments/ HTTP/1.1
> Authorization: HttpSig
> Signature-Input: sig1=(); keyId=">/keys#kh<"; created=1402170695
> Signature: sig1=:.....:


Received on Saturday, 27 March 2021 17:27:42 UTC
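
The checks a verifying server could run on keyId forms 1 and 2 and on a key document shaped like the JSON-LD in this message, as an added example that is not part of the original message or of any project's code. The function names, the https-only rule, the 2048-bit minimum and the sample data are assumptions of this example; the "alg" table follows RFC 7518 section 3.1, and the P2P form 3 is rejected as unsupported.

```python
import base64
from urllib.parse import urldefrag, urljoin, urlsplit

# JWS "alg" values from RFC 7518 section 3.1: (required "kty", scheme, hash)
JWA = {
    "RS512": ("RSA", "RSASSA-PKCS1-v1_5", "SHA-512"),
    "PS256": ("RSA", "RSASSA-PSS", "SHA-256"),
    "PS384": ("RSA", "RSASSA-PSS", "SHA-384"),
    "PS512": ("RSA", "RSASSA-PSS", "SHA-512"),
    "ES256": ("EC", "ECDSA", "SHA-256"),
}

def resolve_key_id(key_id, request_url):
    """Resolve a <...> keyId (relative or absolute) against the request URL."""
    if not (key_id.startswith("<") and key_id.endswith(">")):
        raise ValueError("unsupported keyId form: " + key_id)
    url = urljoin(request_url, key_id[1:-1])
    if urlsplit(url).scheme != "https":  # assumption: only https key documents
        raise ValueError("key document must be fetched over https")
    return url

def signing_params(key_doc, key_url, min_rsa_bits=2048):
    """Check that key_doc describes key_url; return how to verify with it."""
    doc_url = urldefrag(key_url).url
    if urljoin(doc_url, key_doc["id"]) != key_url:
        raise ValueError("document does not describe the requested key")
    jwk = key_doc["publicKeyJwk"]
    if jwk.get("alg") not in JWA:
        raise ValueError("missing or unsupported alg")
    kty, scheme, digest = JWA[jwk["alg"]]
    if jwk.get("kty") != kty:  # e.g. an RSA key labelled with an EC algorithm
        raise ValueError("alg does not match kty")
    bits = None
    if kty == "RSA":
        n = jwk["n"]
        raw = base64.urlsafe_b64decode(n + "=" * (-len(n) % 4))
        bits = int.from_bytes(raw, "big").bit_length()
        if bits < min_rsa_bits:
            raise ValueError("RSA modulus too short")
    return {"scheme": scheme, "hash": digest, "bits": bits}

# Constructed sample: placeholder modulus bytes, not a real key.
SAMPLE_N = base64.urlsafe_b64encode(b"\xc3" + b"\x01" * 255).decode().rstrip("=")
SAMPLE_DOC = {"id": "#hs", "controller": "/people/henry#i",
              "publicKeyJwk": {"kty": "RSA", "n": SAMPLE_N, "e": "AQAB",
                               "alg": "PS512"}}
```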
