search

WebOfTrust / keripy

Key Event Receipt Infrastructure - the spec and implementation of the KERI protocol
https://keripy.readthedocs.io/en/latest/
Apache License 2.0
55 stars 53 forks source link

deterministic representation of secp256k1 key #825

Closed lemoustachiste closed 1 month ago

lemoustachiste commented 1 month ago

Hi,

I have this public key in another file which is bound to a bitcoin address:

"publicKeyJwk": {
        "kty": "EC",
        "crv": "secp256k1",
        "x": "BpBt2iJlQGm3QpG5r0mJNDxwXXFlRAWdZsHWWIK_HBY",
        "y": "tlbW6AMB3MmRk1JbWNZhc77q8TnSxgJidpvyA0rH0BI"
      }

This is generated by a seed phrase as described by BIP-39.

I now would like to convey this key with a did:webs document, so that I can later prove ownership of the bitcoin address.

However I am confused as to how to achieve this with the different aspects of KERI. The idea being to follow this guide: https://github.com/hyperledger-labs/did-webs-resolver/blob/main/GETTING_STARTED.md#create-a-cryptographic-salt-to-secure-your-keri-identifier, I have this small python script which reads the seed and then gives me the (secp256k1) salt which I use in the rest of the tutorial:

seed = read_seed(os.path.join('seed_phrase.txt'))
print('seed:', seed)
byteseed = bytearray(seed, 'utf-16')

print("byteseed", byteseed)

# see https://github.com/WebOfTrust/keripy/blob/3febc54a463125a4cc3d86d694e57004134b2092/src/keri/app/cli/commands/salt.py#L26
salt = Salter(raw=byteseed)
print("salt", salt.qb64)

signerFromSalt = salt.signer(code=MtrDex.ECDSA_256k1_Seed,
                                     transferable=True,
                                     path="",
                                     tier=None,
                                     temp=False)
print("signer from salt", signerFromSalt.qb64)

# https://github.com/WebOfTrust/keripy/blob/3febc54a463125a4cc3d86d694e57004134b2092/tests/core/test_signing.py#L330
signer = Signer(raw=byteseed, code=MtrDex.ECDSA_256k1_Seed)
print("signer from seed", signer.qb64)

The result is constant so that's a good first step, I imagine.

Now if I use the did:webs library from hyperledger-labs to generate the did document (https://github.com/hyperledger-labs/did-webs-resolver/blob/main/src/dkr/core/didding.py#L96), I end up with different values. Putting aside the hard-coded Ed25519 crv and OKP kty , the x property does not align with what I originally have:

 "publicKeyJwk": {
          "kid": "DOI5Zx_jYsMX13sFZ1aYWvjcu3zmWGBXZe57bFib8Wt1",
          "kty": "OKP",
          "crv": "Ed25519",
          "x": "4jlnH-NiwxfXewVnVpha-Ny7fOZYYFdl7ntsWJvxa3U"
        }

My understanding is that I cannot just paste in the publicKeyJwk I currently have in the did:webs document as it needs to be bound to the keri.cesr file.

Could you guide me towards the light here on how I could represent my current JWK key into a valid did:webs/keri structure? I am also confused as to the difference between the salt and the signer, could you help clarify why the salt depends on secp256k1 in this case, and if the signer is ultimately relatable to the publicKeyJwk representation of my BTC address?

Thanks

2byrds commented 1 month ago

@lemoustachiste your question seems to be for the hyperledger-labs did:webs repo. If I had cycles to look into this right now I would use the hyperledger-labs did:webs unit tests related to did document generation and analyze the debugger process to understand why/how the value changed.