Closed dmitrizagidulin closed 5 years ago
One option on how to do this would be something like:
const sign = didDoc.getSignMethod({proofPurpose, ...options})
// so you can pass it to jsonld-signatures
jsonldSignatures.sign(doc, { sign })
Note: Since there can be potentially multiple keys for a proof purpose, this will return just the first non-revoked key (or rather, a signing method for that key) with an option to return all of them (in case that's ever needed).
Once we need to return a method based on some other key than just the first one, we can pass in various options like keyId or key name, to specify which one.
(Also, options includes passphrase, for encrypted keys)
Same logic for a didDoc.getVerifyMethod({proofPurpose})
Also, throw a "Not Found" Error if there's no appropriate key in the did doc.
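The selection rule proposed in the comment above, as an added example that is not part of the thread or the library's own code: first non-revoked key for a proof purpose, optional keyId, an option to return all, and a "Not Found" error. The DID doc layout, the `revoked` flag, the `all` option name and the free-function form (instead of a `didDoc` method) are assumptions; passphrase handling for encrypted keys is left out.

```javascript
// Added example: hypothetical DID doc layout and helpers, not the library's code.
const nodeCrypto = require('crypto');

// Constructed sample key; real DID docs would not hold private keys inline.
function makeKey(id, revoked = false) {
  const { privateKey, publicKey } = nodeCrypto.generateKeyPairSync('ed25519');
  return { id, revoked, privateKey, publicKey };
}

// Constructed DID doc: proof purpose -> ordered list of keys.
const didDoc = {
  id: 'did:example:alice',
  capabilityInvocation: [
    makeKey('did:example:alice#revoked-1', true),
    makeKey('did:example:alice#key-2'),
    makeKey('did:example:alice#key-3'),
  ],
  authentication: [makeKey('did:example:alice#auth-revoked', true)],
};

// Non-revoked keys for a purpose, optionally narrowed by keyId.
// A revoked key is never returned, even when the caller pins it by id.
function candidateKeys(doc, { proofPurpose, keyId } = {}) {
  const keys = (doc[proofPurpose] || []).filter((k) => !k.revoked);
  const matches = keyId ? keys.filter((k) => k.id === keyId) : keys;
  if (matches.length === 0) {
    const err = new Error(`Not Found: no usable key for "${proofPurpose}"`);
    err.name = 'NotFoundError';
    throw err;
  }
  return matches;
}

// First match by default; all: true returns one signer per usable key.
function getSignMethod(doc, { proofPurpose, keyId, all = false } = {}) {
  const signers = candidateKeys(doc, { proofPurpose, keyId }).map((key) => {
    const sign = (data) => nodeCrypto.sign(null, Buffer.from(data), key.privateKey);
    sign.keyId = key.id; // lets the caller see which key was chosen
    return sign;
  });
  return all ? signers : signers[0];
}

// Same selection logic on the verification side.
function getVerifyMethod(doc, opts = {}) {
  const [key] = candidateKeys(doc, opts);
  return (data, signature) =>
    nodeCrypto.verify(null, Buffer.from(data), key.publicKey, signature);
}
```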
@gannan08 @dmitrizagidulin @dlongley straighten me out on this... A signed document with proofPurpose looks like this:
{
  "@context": "https://w3id.org/webledger/v1",
  "schema:image": "https://manu.sporny.org/images/manu.png",
  "name": "Manu Sporny",
  "schema:url": "https://manu.sporny.org/",
  "proof": {
    "type": "RsaSignature2018",
    "created": "2018-11-12T22:51:50Z",
    "creator": "https://example.com/i/alice/keys/1",
    "jws": "eyJhbGciOiJQUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..VrIiWyFeuVYJfz84FThg1WiDXcG4UqErJH6QluFyzxUpkLtOP-t2ysDVty6A8gSyjmKkm5rULwO3UO5V2rqKFU1XWEpcH3avO2R8agj-qQcj5Z2p-PlzA8dAb6j_gvs73nuncNRaTf2iyT1q5073KEXPEVJyIoedY1fcOYVT_gM",
    "proofPurpose": "https://example.org/special-authentication"
  }
}
Based on our discussion today, the sign method is supposed to accept a string/buffer and return the signature proof object, is that right?
So, in addition to the sign function, we need to pass in the creator and type somehow?
Or, should getSignMethod return something like:
{
  api: () => {<signerApi>},
  type: 'RsaSignature2018',
  creator: 'https://example.com/i/alice/keys/1'
}
Implemented, closing.
Context, @mattcollier and I were discussing "how do you get a capability invocation key instance from a DID Doc (so you can pass it to jsonld-signatures etc)", and currently we're doing it like this:
And Matt said, "we need something better than that" (especially the array stuff), and I completely agree. Alternatives below, in comments.