Closed clehner closed 3 years ago
Yes, I believe the verification method/credential must contain the public key for tz1, but for tz2 and tz3 you can use ecrecover
because it is supported by ECDSA.
This was implemented, for tz1
, in https://github.com/spruceid/ssi/pull/76 and https://github.com/spruceid/ssi/pull/92.
I put the publicKeyJwk
in the proof object. publicKeyBase58
would be more compact so maybe could use that in the future (did-core
allows either key representation).
These proof type and verification method type should probably be specified in their own document or in this one:
Ed25519BLAKE2BDigestSize20Base58CheckEncodedSignature2021
Ed25519PublicKeyBLAKE2BDigestSize20Base58CheckEncoded2021
For comparison these are the specs for the other proof/key types that DIDKit supports:
Examples of Derived
did:tz
DID documents include apublicKeyBase58
value. How is this derived? Since Tezos addresses are based on a hash of the public key, doesn't this mean a resolver cannot derive a Tezos DID's public key from the DID alone? A verifier needs the public key to verify a proof signed by adid:tz
. Public keys could be retrieved from the blockchain/network, but I understand thatdid:tz
addresses are supposed to able to work offine, also before any rotations. To enable verification for the offline use case, I think a VC/VP issuer will need to include their public key in the proof and/or credential/presentation. Typically a proof references its public key for verification using theverificationMethod
property with a URL or DID URL. Possibly we could add a query string or path to the DID, and use that for theverificationMethod
. Then the resolver could use the query string or path to reconstruct the public key in the DID document.