Closed gorazdko closed 3 years ago
@OR13, two items:
1 - We are getting a different pub key than you.
2 - Does this DID document look correct?
```json
{
  "@context": [
    "https://www.w3.org/ns/did/v1",
    {
      "@base": "did:onion:fscst5exmlmr262byztwz4kzhggjlzumvc2ndvgytzoucr2tkgxf7mid"
    }
  ],
  "id": "did:onion:fscst5exmlmr262byztwz4kzhggjlzumvc2ndvgytzoucr2tkgxf7mid",
  "VerificationMethod": [
    {
      "id": "#g7r2t9G8dBBnG7yZkD8sly3ImDlrntB25s2pGuaD97E",
      "type": "JsonWebKey2020",
      "controller": "did:onion:fscst5exmlmr262byztwz4kzhggjlzumvc2ndvgytzoucr2tkgxf7mid",
      "publicKeyJwk": {
        "crv": "Ed25519",
        "kty": "OKP",
        "x": "LIUp9Jdi2R17QcZnbPFZOYyV5oyotNHU2J5dQUdTUa4"
      }
    },
    {
      "id": "#5CRqmSH-XbX2V1qysBH0vPWzgveQEZObyOrAiaOY9U8",
      "type": "JsonWebKey2020",
      "controller": "did:onion:fscst5exmlmr262byztwz4kzhggjlzumvc2ndvgytzoucr2tkgxf7mid",
      "publicKeyJwk": {
        "crv": "X25519",
        "kty": "OKP",
        "x": "785EYGRUOU2sNrWMZJgsCgQFs4lXpVWgvM9K6CyBogU"
      }
    }
  ],
  "authentication": "#g7r2t9G8dBBnG7yZkD8sly3ImDlrntB25s2pGuaD97E",
  "assertionMethod": "#g7r2t9G8dBBnG7yZkD8sly3ImDlrntB25s2pGuaD97E",
  "capabilityInvocation": "#g7r2t9G8dBBnG7yZkD8sly3ImDlrntB25s2pGuaD97E",
  "capabilityDelegation": "#g7r2t9G8dBBnG7yZkD8sly3ImDlrntB25s2pGuaD97E",
  "keyAgreement": "#5CRqmSH-XbX2V1qysBH0vPWzgveQEZObyOrAiaOY9U8"
}
```
@ChristopherA your did document looks correct.
In my example I generated 2 keys, the first key I generate is for the identifiers (I am avoiding tor key conversion).
The second key is used in the did document, to derive the ed25519 and x25519 keys.
The identifiers for the keys are multicodec, per did key, but that's optional, they can be any URL safe strings.
This is the script I use to generate the DID:
https://github.com/OR13/did-onion.js/blob/master/keys/gen.sh
https://github.com/OR13/did-onion.js/blob/master/keys/hidden-service.yaml
I don't translate from TOR Keys, I just generate them once using that script and then generate the keys I want to use in the did document using:
https://github.com/OR13/did-onion.js/blob/master/packages/did-onion-cli/generate.js#L24
I think the issue may be confusion over the `kid` not being https://tools.ietf.org/html/rfc7638 for did key.
The `id` value of the verification methods can be any URL safe string, in did key it's defined like this: https://w3c-ccg.github.io/did-method-key/#format
I suggest we add a note to the spec recommending https://tools.ietf.org/html/rfc7638 for JWK identifiers, and "did key multicodec identifiers" for base58 keys... this will help eliminate future confusion.
Comment added.
Abstract
This PR updates the test vector to reflect the fact that there is a single `ed25519` keypair. The ed25519 pubkey is part of the onion address:

`onion_address = base32(PUBKEY | CHECKSUM | VERSION) + ".onion"`

Also, I'm getting different results when calculating `id`.
Orie's library gives id `z6MkiTBz1ymuepAQ4HEHYSF1H8quG5GLVVQR3djdX3mDooWp` for a seed of 32 zeros.
My library gives id `9ZP03Nu8GrXPAUkbKNxHOKBzxPX83SShgFkRNK-f2lw` generated with this code snippet.
The algo was tested correctly against https://w3c-ccg.github.io/lds-jws2020/#example-4
Other
- Our site http://fscst5exmlmr262byztwz4kzhggjlzumvc2ndvgytzoucr2tkgxf7mid.onion was updated to show the example that Orie has come up with in https://github.com/OR13/did-onion.js
- These changes are now also reflected in https://github.com/BlockchainCommons/torgap-demo where one can set up the hidden service on a linode with their own minisign secret key. It is now based on warp server.
- torgap-sig now allows generating a simple DID document and Tor v3 authentication keys (for client authorization)
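
The two identifier schemes compared in this thread, as an added example (not code from did-onion.js or torgap-sig): it recovers the Ed25519 public key from the onion address on this page using the address formula above, then derives both a did:key style multicodec id and an RFC 7638 JWK thumbprint from the same key. The function names and the Tor v3 checksum construction (SHA3-256 over `".onion checksum" | PUBKEY | VERSION`, from the Tor v3 address specification) are supplied here and do not appear on the page.

```python
import base64
import hashlib
import json

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ONION = "fscst5exmlmr262byztwz4kzhggjlzumvc2ndvgytzoucr2tkgxf7mid"  # from this page

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def onion_to_pubkey(addr: str) -> bytes:
    """Invert base32(PUBKEY | CHECKSUM | VERSION) and verify the checksum."""
    label = addr.lower()
    label = label[:-6] if label.endswith(".onion") else label
    if len(label) != 56:
        raise ValueError("not a v3 onion address")
    raw = base64.b32decode(label.upper())
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    # Tor v3: CHECKSUM = SHA3-256(".onion checksum" | PUBKEY | VERSION)[:2]
    expected = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    if version != b"\x03" or checksum != expected:
        raise ValueError("bad version or checksum")
    return pubkey

def did_key_id(pubkey: bytes) -> str:
    """did:key style id: multibase 'z' + base58btc(0xed 0x01 | PUBKEY)."""
    n = int.from_bytes(b"\xed\x01" + pubkey, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return "z" + out

def canonical_jwk(pubkey: bytes) -> bytes:
    """RFC 7638 hash input: required OKP members, sorted keys, no whitespace."""
    jwk = {"crv": "Ed25519", "kty": "OKP", "x": b64url(pubkey)}
    return json.dumps(jwk, sort_keys=True, separators=(",", ":")).encode()

def jwk_thumbprint(pubkey: bytes) -> str:
    return b64url(hashlib.sha256(canonical_jwk(pubkey)).digest())

def identifiers(addr: str) -> dict:
    pub = onion_to_pubkey(addr)
    return {"x": b64url(pub), "did_key": did_key_id(pub), "rfc7638": jwk_thumbprint(pub)}

if __name__ == "__main__":
    for name, value in identifiers(ONION).items():
        print(f"{name:8} {value}")
```

Both ids are deterministic functions of the same 32-byte key, so a verifier that resolves fragments by string comparison has to know which scheme the document author used.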