Hey Folks,

What is the best way to combine DIDs with Certificate Authorities?

The use case is simple: As a verifier, I want to know that a credential was issued from a public key that is in a certificate chain I trust. When I verify this credential, I not only check its signature, but I can also check the CA chain from the key that signed it back to the root.

@Mike Prorock <mprorock@mesur.io> and I have been working on a simple example of this using DID Web, but I think it generalizes to any DID Method that supports `publicKeyJwk` and `x5c`.

https://github.com/transmute-industries/openssl-did-web-tutorial

In this example, we generate a root CA, an intermediate CA, and 3 child CAs, all using P-384 and OpenSSL. We then generate a DID Web DID Document from the public keys for the 3 children, and encode the CA chain from them back to the root using `x5c`. We then issue a JWT from the private key for 1 of them. We then verify the JWT signature using the public key. We then check the x5c using OpenSSL to confirm the certificate chain.

My questions are:

1. Is it possible to use JOSE to automate this further?
2. Is there a better way of accomplishing this?
3. Should the CA chain be pushed into the JWT?

Regards,

OS

--
*ORIE STEELE*
Chief Technical Officer
www.transmute.industries <https://www.transmute.industries>

Received on Thursday, 17 February 2022 14:33:28 UTC
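The flow described in the post, as an added example that is not code from the post or from the linked tutorial repository: it uses Go's standard library in place of the openssl commands, builds a root, an intermediate and a child CA on P-384, publishes the child key as a DID-document-style `publicKeyJwk` with its `x5c` chain, issues an ES384 JWT with the child key, and then verifies both the signature and the chain back to a root the verifier trusts. The DID `did:web:example.com`, the verification method id `#key-0`, the trimmed DID document shape and the claims are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// jwk is the publicKeyJwk shape from the post: EC coordinates plus x5c (RFC 7517 §4.7), leaf first, each
// entry the standard-base64 DER certificate. The DID document is trimmed here to a map of method id -> key.
type jwk struct {
	Kty, Crv, X, Y string
	X5c            []string
}

// newCA makes a P-384 key and CA certificate for cn signed by parent (self-signed when parent is nil);
// it stands in for the openssl steps in the post.
func newCA(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	sn, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128)) // random serial, as a real CA would
	tmpl := &x509.Certificate{SerialNumber: sn, Subject: pkix.Name{CommonName: cn}, IsCA: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// coords gives the JWK x and y of a P-384 point: base64url of each coordinate left-padded to 48 bytes.
func coords(pub *ecdsa.PublicKey) (string, string) {
	return b64(pub.X.FillBytes(make([]byte, 48))), b64(pub.Y.FillBytes(make([]byte, 48)))
}

// jwkFor builds the DID document key for chain[0] and attaches the whole chain as x5c.
func jwkFor(chain []*x509.Certificate) jwk {
	x, y := coords(chain[0].PublicKey.(*ecdsa.PublicKey))
	j := jwk{Kty: "EC", Crv: "P-384", X: x, Y: y}
	for _, c := range chain {
		j.X5c = append(j.X5c, base64.StdEncoding.EncodeToString(c.Raw))
	}
	return j
}

// issueJWT signs a compact JWS with ES384: SHA-384 over the signing input, signature as raw 48-byte R || S.
func issueJWT(kid string, key *ecdsa.PrivateKey, claims map[string]interface{}) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "ES384", "kid": kid})
	body, _ := json.Marshal(claims)
	signingInput := b64(hdr) + "." + b64(body)
	digest := sha512.Sum384([]byte(signingInput))
	r, s, _ := ecdsa.Sign(rand.Reader, key, digest[:])
	return signingInput + "." + b64(append(r.FillBytes(make([]byte, 48)), s.FillBytes(make([]byte, 48))...))
}

// verifyJWT resolves kid in the DID document, checks that publicKeyJwk is the key in x5c[0], verifies the ES384
// signature with it, then validates x5c against roots, the verifier's own trust store. The chain is untrusted
// input: a root shipped inside x5c earns no trust by being there.
func verifyJWT(token string, doc map[string]jwk, roots *x509.CertPool) error {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return fmt.Errorf("malformed compact JWS")
	}
	var hdr struct{ Alg, Kid string }
	rawHdr, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil || json.Unmarshal(rawHdr, &hdr) != nil || hdr.Alg != "ES384" {
		return fmt.Errorf("unreadable header or alg is not ES384")
	}
	key, ok := doc[hdr.Kid]
	if !ok || len(key.X5c) == 0 {
		return fmt.Errorf("kid %q has no x5c-bearing key in the DID document", hdr.Kid)
	}
	var der []byte
	for _, entry := range key.X5c {
		raw, _ := base64.StdEncoding.DecodeString(entry) // a corrupt entry surfaces as a parse error below
		der = append(der, raw...)
	}
	chain, err := x509.ParseCertificates(der)
	if err != nil || len(chain) == 0 {
		return fmt.Errorf("x5c does not parse: %v", err)
	}
	leafPub, ok := chain[0].PublicKey.(*ecdsa.PublicKey)
	if !ok || leafPub.Curve != elliptic.P384() || key.Crv != "P-384" {
		return fmt.Errorf("x5c[0] is not the P-384 key the JWK claims")
	}
	if x, y := coords(leafPub); x != key.X || y != key.Y {
		return fmt.Errorf("publicKeyJwk does not match x5c[0]") // RFC 7517 §4.7 requires them to agree
	}
	digest := sha512.Sum384([]byte(parts[0] + "." + parts[1]))
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || len(sig) != 96 ||
		!ecdsa.Verify(leafPub, digest[:], new(big.Int).SetBytes(sig[:48]), new(big.Int).SetBytes(sig[48:])) {
		return fmt.Errorf("JWT signature invalid")
	}
	inter := x509.NewCertPool()
	for _, c := range chain[1:] {
		inter.AddCert(c)
	}
	_, err = chain[0].Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

// RunDemo mirrors the post (root -> intermediate -> child CA, DID document with x5c, JWT from the child key)
// and returns the verification result against the real root and against an unrelated root.
func RunDemo() (trusted, untrusted error) {
	root, rootKey := newCA("Root CA", nil, nil)
	inter, interKey := newCA("Intermediate CA", root, rootKey)
	child, childKey := newCA("Child CA 0", inter, interKey)
	stranger, _ := newCA("Unrelated Root", nil, nil)
	kid := "did:web:example.com#key-0" // constructed DID, not one from the post
	doc := map[string]jwk{kid: jwkFor([]*x509.Certificate{child, inter, root})}
	token := issueJWT(kid, childKey, map[string]interface{}{"iss": "did:web:example.com", "iat": time.Now().Unix()})
	roots, others := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	others.AddCert(stranger)
	return verifyJWT(token, doc, roots), verifyJWT(token, doc, others)
}

func main() {
	trusted, untrusted := RunDemo()
	fmt.Println("trusted root:", trusted, "| unrelated root:", untrusted)
}
```

Two points the code makes that bear on questions 1 and 3: the verifier binds the JWK to the chain by checking that `publicKeyJwk`'s `x` and `y` equal the key in `x5c[0]`, which RFC 7517 §4.7 requires, and trust ends at the verifier's own root store, so a root carried in `x5c` is input to be validated rather than an anchor. JOSE already defines an `x5c` header parameter for the JWS itself (RFC 7515 §4.1.6); moving the chain from the DID document into the JWT header changes where the verifier obtains it, not which roots it must trust or which checks it must run.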
This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:25:28 UTC