veres-one / did-veres-one

A Decentralized Identifier utility library for Veres One
BSD 3-Clause "New" or "Revised" License

Add helper method to fetch capabilityInvocation key from DID Doc #10

Closed dmitrizagidulin closed 5 years ago

dmitrizagidulin commented 5 years ago

Context: @mattcollier and I were discussing "how do you get a capability invocation key instance from a DID Doc (so you can pass it to jsonld-signatures etc.)", and currently we're doing it like this:

const invokeKeyData = this.doc.capabilityInvocation[0].publicKey[0];
const keyPair = await LDKeyPair.from(invokeKeyData);

And Matt said, "we need something better than that" (especially the array stuff), and I completely agree. Alternatives below, in comments.

dmitrizagidulin commented 5 years ago

One option on how to do this would be something like:

const sign = didDoc.getSignMethod({proofPurpose, ...options})
// so you can pass it to jsonld-signatures

jsonldSignatures.sign(doc, { sign })

Note: Since there can be potentially multiple keys for a proof purpose, this will return just the first non-revoked key (or rather, a signing method for that key) with an option to return all of them (in case that's ever needed).

Once we need to return a method based on some other key than just the first one, we can pass in various options like keyId or key name, to specify which one.

(Also, options includes passphrase, for encrypted keys)

dmitrizagidulin commented 5 years ago

Same logic for a didDoc.getVerifyMethod({proofPurpose})

dmitrizagidulin commented 5 years ago

Also, throw a "Not Found" Error if there's no appropriate key in the did doc.

mattcollier commented 5 years ago

@gannan08 @dmitrizagidulin @dlongley straighten me out on this... A signed document with proofPurpose looks like this:

{
  "@context": "https://w3id.org/webledger/v1",
  "schema:image": "https://manu.sporny.org/images/manu.png",
  "name": "Manu Sporny",
  "schema:url": "https://manu.sporny.org/",
  "proof": {
    "type": "RsaSignature2018",
    "created": "2018-11-12T22:51:50Z",
    "creator": "https://example.com/i/alice/keys/1",
    "jws": "eyJhbGciOiJQUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..VrIiWyFeuVYJfz84FThg1WiDXcG4UqErJH6QluFyzxUpkLtOP-t2ysDVty6A8gSyjmKkm5rULwO3UO5V2rqKFU1XWEpcH3avO2R8agj-qQcj5Z2p-PlzA8dAb6j_gvs73nuncNRaTf2iyT1q5073KEXPEVJyIoedY1fcOYVT_gM",
    "proofPurpose": "https://example.org/special-authentication"
  }
}

Based on our discussion today, the sign method is supposed to accept a string/buffer and return the signature. So, jsonld-signatures is still constructing the proof object, is that right?

So, in addition to the sign function, we need to pass in the creator and type somehow?

Or, should getSignMethod return something like:

{
  api: () => {<signerApi>},
  type: 'RsaSignature2018',
  creator: 'https://example.com/i/alice/keys/1'
}

dmitrizagidulin commented 5 years ago

Implemented, closing.