decentralized-identity / did-auth-jose

JOSE-based implementation of DID Authenticated Encryption
Apache License 2.0

Support for ion-test DID method #30

Open dstrockis opened 5 years ago

dstrockis commented 5 years ago

The DID method ion-test does not include a DID prefix in the document.publicKey[i].id or document.publicKey[i].publicKeyJwk.kid fields:

{
    "document": {
        "@context": "https://w3id.org/did/v1",
        "publicKey": [
            {
                "id": "#key-1",
                "type": "Secp256k1VerificationKey2018",
                "publicKeyJwk": {
                    "kty": "EC",
                    "kid": "#key-1",
                    "crv": "P-256K",
                    "x": "o2YecYyi5YFZW4BeLAbnf6euan5vrebAzWrovwogcWc",
                    "y": "TuEQGlpN8EzVK1q_ZTiI695JpxviQXy4p9AXz3LDgKE",
                    "use": "verify",
                    "defaultEncryptionAlgorithm": "none",
                    "defaultSignAlgorithm": "ES256K"
                }
            }
        ],
        "id": "did:ion-test:EiBrYcP56nGWvx_tli7nEyori5rCgu_eo0eNljMqNU__tQ"
    },
    "resolverMetadata": {
        "driverId": "did:ion-test",
        "driver": "HttpDriver",
        "retrieved": "2019-05-09T20:35:45.347Z",
        "duration": "32.8782ms"
    }
}

This causes did-auth-jose to fail when looking for matching keys in a DID document. So, we either need to modify did-auth-jose to accept key IDs without the prefix, or go modify the ion-test method. The DID specification is not clear on whether or not the prefix is required.

I did a bit of digging, and these are the places I could find that need modification:

OR13 commented 4 years ago

IMO the use of id fields such as #key-1 is a bad practice; we should be encouraging the use of compound identifiers, such as ${did}#key-${kid}, where kid is generated according to https://tools.ietf.org/html/rfc7638

OR13 commented 4 years ago

^ Apparently commenting unassigned @alundeen; I'm not able to reassign.

OR13 commented 4 years ago

Related spec conversation regarding supported public key formats:

https://github.com/w3c/did-spec/issues/67

My preference is for the following structure:

{
  "id": "did:btcr:xxcl-lzpq-q83a-0d5#key-JUvpllMEYUZ2joO59UNui_XYDqxVqiFLLAJ8klWuPBw",
  "type": "EcdsaSecp256k1VerificationKey2019",
  "publicKeyJwk": {
    "crv": "secp256k1",
    "kid": "JUvpllMEYUZ2joO59UNui_XYDqxVqiFLLAJ8klWuPBw",
    "kty": "EC",
    "x": "dWCvM4fTdeM0KmloF57zxtBPXTOythHPMm1HCLrdd3A",
    "y": "36uMVGM7hnw-N6GnjFcihWE3SkrhMLzzLCdPMXPEXlA"
  }
},

OR13 commented 4 years ago

Also related DIDComm thread on JWE format and kid interop: https://github.com/decentralized-identity/DIDComm-js/issues/8