Closed mistermoe closed 10 months ago
great point @decentralgabe we should definitely do that. will update the PR to reflect
just a comment (non blocking) - I would recommend adding vectors for all the key type/algs we support. I've run into issues by assuming these work and realizing much later they in fact don't. Forcing compatibility with each support key type here will prevent that risk.
Great point. One thing to note is that we're not yet at a point of consistent support for crypto algs across the web5-*
libs:
web5-js
and web5-kt
support secp256k1
web5-js
and web5-kt
haven't added support for secp256r1
(aka P-256
) yetweb5-js
supports X25519
but web5-kt
doesn't yetweb5-rs
is quickly evolving but I think it supports secp256k1
, secp256r1
, and Ed25519
but not yet X25519
We could always expand the did:jwk
test vector to include what should be supported and not run the vector for all SDKs until their crypto packages are fully compliant.
Do we want to consider canonicalizing the public key before Base64URL encoding?
per the spec it is optional:
Canonicalization such as JCS is not required but may be helpful if the resulting DID isn't going to be stored in its serialized form.
I thought that would be part of creation, but I believe this PR is only for resolution
Do we want to consider canonicalizing the public key before Base64URL encoding? per the spec it is optional:
Canonicalization such as JCS is not required but may be helpful if the resulting DID isn't going to be stored in its serialized form.
I thought that would be part of creation, but I believe this PR is only for resolution
It is but this PR's resolution results are based on not-canonicalizing the public key. As a result, if a web5-*
implementation does canonicalization it will fail this vector.
Do we want to consider canonicalizing the public key before Base64URL encoding? per the spec it is optional:
Canonicalization such as JCS is not required but may be helpful if the resulting DID isn't going to be stored in its serialized form.
I thought that would be part of creation, but I believe this PR is only for resolution
It is but this PR's resolution results are based on not-canonicalizing the public key. As a result, if a
web5-*
implementation does canonicalization it will fail this vector.
I'm a bit confused still, hoping you can help me understand.
Are you suggesting that resolution should canonicalize the encoded JWK before putting it in the did document? I.e. something like the following
resolve("did:jwk:<foo>").didDocument.verificationMethod[0].publicKeyJwk == canonicalize(decode64url("<foo>"))
Canonicalization was removed from the latest draft, so I would advise against it https://github.com/quartzjer/did-jwk/pull/21/files
Canonicalization was removed from the latest draft, so I would advise against it https://github.com/quartzjer/did-jwk/pull/21/files
Excellent insight! Thanks @decentralgabe. Makes the decision easy.
updated vectors to include supported cryptographic algorithms - secp256k1
& Ed25519
README
to describe inputs and outputs ofdid:jwk
test vectorsdidResolutionResult
from output. Inclusion of this property left room to believe that theresolve
implementations should contain a literaldidResolutionResult
propertydidDocumentMetadata
to output where missing. Note: on success, this will always be an empty object fordid:jwk
didResolutionMetadata
to output where missing. Note: on success, this will always be an empty object fordid:jwk