Implement JcsTezosSignature2021 #237

Merged (1 commit), Aug 31, 2021

clehner (Contributor) commented Jul 27, 2021

Linked data proof type for signing with Tezos wallets. Like TezosSignature2021 (#170) but not using RDF canonicalization. Instead, uses JCS.

  • Initial implementation
  • Allow proof with Tezos-style public key instead of publicKeyJwk
    • Support tz1, tz2, and tz3
  • Add warning about this method being experimental
  • Discuss public key and signature encoding: wrote paragraph below

Public key and signature encoding

While TezosSignature2021 includes the public key in the proof object in the publicKeyJwk property, here the public key is instead encoded in a publicKeyMultibase property. The purpose of this is to more closely follow Tezos's native format (e.g. edpk...), for easier inspection and verification. Tezos's native key and signature formats use base58 with ASCII prefixes. There is a publicKeyBase58 format which used to be defined in DID Core but now has been deprecated in favor of publicKeyMultibase. Fortunately a base58 string can be converted to a multibase string simply by prepending the character "z". So that is the format used here, as seen in the added example VC. publicKeyMultibase is expected to use multicodec, according to Security Vocab, but that doesn't seem to be a hard requirement. A helper function to convert a JWK to a Tezos string is needed here and added in #267.
For the signature value (proofValue property), the format is the same as in TezosSignature2021: the edpk value. There doesn't seem to be an expected or required type for proofValue, so this seems okay.

Example

Signing request (Temple wallet):
[Image: JcsTezosSignature2021-signing-request-Temple]
Payload:

Tezos Signed Message: {\"@context\":[\"https://www.w3.org/2018/credentials/v1\"],\"credentialSubject\":{\"id\":\"did:pkh:tz:tz1TwZZZSShtM73oEr74aDtDcns3UmFqaca6\"},\"issuanceDate\":\"2021-07-27T19:37:15.715Z\",\"issuer\":\"did:pkh:tz:tz1TwZZZSShtM73oEr74aDtDcns3UmFqaca6\",\"proof\":{\"@context\":{\"TezosJcsSignature2021\":{\"@context\":{\"@protected\":true,\"@version\":1.1,\"challenge\":\"https://w3id.org/security#challenge\",\"created\":{\"@id\":\"http://purl.org/dc/terms/created\",\"@type\":\"http://www.w3.org/2001/XMLSchema#dateTime\"},\"domain\":\"https://w3id.org/security#domain\",\"expires\":{\"@id\":\"https://w3id.org/security#expiration\",\"@type\":\"http://www.w3.org/2001/XMLSchema#dateTime\"},\"id\":\"@id\",\"nonce\":\"https://w3id.org/security#nonce\",\"proofPurpose\":{\"@context\":{\"@protected\":true,\"@version\":1.1,\"assertionMethod\":{\"@container\":\"@set\",\"@id\":\"https://w3id.org/security#assertionMethod\",\"@type\":\"@id\"},\"authentication\":{\"@container\":\"@set\",\"@id\":\"https://w3id.org/security#authenticationMethod\",\"@type\":\"@id\"},\"id\":\"@id\",\"type\":\"@type\"},\"@id\":\"https://w3id.org/security#proofPurpose\",\"@type\":\"@vocab\"},\"proofValue\":\"https://w3id.org/security#proofValue\",\"publicKeyMultibase\":{\"@id\":\"https://w3id.org/security#publicKeyMultibase\",\"@type\":\"https://w3id.org/security#multibase\"},\"type\":\"@type\",\"verificationMethod\":{\"@id\":\"https://w3id.org/security#verificationMethod\",\"@type\":\"@id\"}},\"@id\":\"https://w3id.org/security#TezosJcsSignature2021\"}},\"created\":\"2021-07-27T19:37:15.716Z\",\"proofPurpose\":\"assertionMethod\",\"publicKeyMultibase\":\"zedpkuxZ5AQVCeEJ9inUG3w6VFhio5KBwC22ekPLBzcvub3QY2DvJ7n\",\"type\":\"TezosJcsSignature2021\",\"verificationMethod\":\"did:pkh:tz:tz1TwZZZSShtM73oEr74aDtDcns3UmFqaca6#TezosMethod2021\"},\"type\":[\"VerifiableCredential\"]}

Resulting VC: https://github.com/spruceid/ssi/blob/57ca1bfd1e451f75dc3c86e7f8cfa22307d2613e/did-pkh/tests/vc-tz1-jcs.jsonld
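
Because the proof carries its own key in publicKeyMultibase, a verifier has to bind that key to the tz1 address named in verificationMethod. The check below is an added example in Python, not code from this PR or from ssi; it covers only the Ed25519 case (edpk/tz1), its function names are hypothetical, and the prefix bytes are Tezos's standard base58check prefixes.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Tezos base58check prefix bytes; they render as the ASCII prefixes edpk / tz1.
EDPK = bytes([13, 15, 37, 217])  # Ed25519 public key (32 bytes)
TZ1 = bytes([6, 161, 159])       # Blake2b-160 hash of that key (20 bytes)

def b58decode(s):
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)  # ValueError on a non-base58 character
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\x00" * (len(s) - len(s.lstrip("1"))) + raw

def b58encode(b):
    n, out = int.from_bytes(b, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(b) - len(b.lstrip(b"\x00"))) + out

def checksum(b):
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()[:4]

def b58check_decode(s, prefix, size):
    raw = b58decode(s)
    body, tail = raw[:-4], raw[-4:]
    if checksum(body) != tail:
        raise ValueError("bad base58check checksum")
    if not body.startswith(prefix) or len(body) != len(prefix) + size:
        raise ValueError("unexpected prefix or length")
    return body[len(prefix):]

def tz1_from_multibase(pk_multibase):
    # Multibase "z" = base58btc; the rest is the native Tezos edpk string.
    if not pk_multibase.startswith("z"):
        raise ValueError("expected multibase prefix 'z'")
    key = b58check_decode(pk_multibase[1:], EDPK, 32)
    body = TZ1 + hashlib.blake2b(key, digest_size=20).digest()
    return b58encode(body + checksum(body))

def key_matches_vm(pk_multibase, verification_method):
    # verificationMethod on the page: did:pkh:tz:<address>#TezosMethod2021
    address = verification_method.split("#")[0].rsplit(":", 1)[-1]
    return tz1_from_multibase(pk_multibase) == address

if __name__ == "__main__":
    # Values copied from the signing payload above.
    print(key_matches_vm("zedpkuxZ5AQVCeEJ9inUG3w6VFhio5KBwC22ekPLBzcvub3QY2DvJ7n", "did:pkh:tz:tz1TwZZZSShtM73oEr74aDtDcns3UmFqaca6#TezosMethod2021"))
```

A key that fails the checksum or prefix test raises ValueError, and a well-formed key for a different account makes key_matches_vm return False; either way the proof should be rejected before any signature check.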

Base automatically changed from feat/ldp-dedup to main July 27, 2021 19:44
sbihel (Member) commented Jul 28, 2021

I'm thinking the name of the signature should maybe be TezosSignedMessageJcsSignature2021 or something like that to reflect that it's still using the Tezos Signed Message representation (meaning it's not "pure" JCS)?

bumblefudge (Contributor) commented

Merging soon pending further warning message feature but future PRs will further refine based on ongoing discussions re: standard Tezos signing format.

clehner mentioned this pull request Aug 24, 2021
clehner force-pushed the feat/tezos-jcs-sig branch 2 times, most recently from 9f874b1 to 80259be, August 25, 2021 14:52

clehner (Contributor, Author) commented Aug 25, 2021

  • Warning added. Verification result now looks like this:
$ didkit vc-verify-credential < did-pkh/tests/vc-tz1-jcs.jsonld | jq .
{
  "checks": [
    "proof"
  ],
  "warnings": [
    "TezosJcsSignature2021 is experimental."
  ],
  "errors": []
}

clehner marked this pull request as ready for review August 25, 2021 14:55
clehner requested a review from sbihel August 25, 2021 15:01
clehner merged commit 092db1a into main Aug 31, 2021
clehner deleted the feat/tezos-jcs-sig branch August 31, 2021 22:04
This was referenced Sep 7, 2021