[[LD-SIGNATURES]] provide an ability to embed integrity and authentication cryptographic capabilities inside [[JSON]] documents. This property is desirable, especially when compared to the opaque nature of string based representations such as [[JWT]].
Some implementers do not desire to leverageg [[JSON-LD]], or other properties of RDF and Linked Data Formats. The purpose of this suite is to define a Linked Data Suite that does not use [[RDF-DATASET-NORMALIZATION]], but that produces [[JSON]] documents that look like [[JSON-LD]] documents with [[LD-SIGNATURES]].
Because this suite cannot assume JSON-LD features such as documentLoaders or canonicalization algorithm. Extra guidance is required for implementers who wish to use this suite without these features.
This suite is not compatible with JSON-LD.
DID Configuration is a draft specification being developed within the Decentralized Identity Foundation (DIF), and intended for registration with W3C CCG Linked Data Crypto Suite Registry. This spec will be updated to reflect relevant changes, and participants are encouraged to contribute at the following repository location: https://github.com/decentralized-identity/JcsEd25519Signature2020
The following terms are used to describe concepts involved in the generation and verification of the JCS Ed25519 Signature 2020 signature suite.
See the normative definition here, [[vc-data-model]].
See the normative definition here, [[json-ld11-api]].
See the normative definition here, [[json-ld11-api]].
The key format is Ed25519VerificationKey2018.
An Ed25519VerificationKey2018 using this suite MUST contain a
publicKeyBase58
property.
{ "id": "did:example:123", "publicKey": [ { "id": "did:example:123#key-1", "type": "Ed25519VerificationKey2018", "controller": "did:example:123", "publicKeyBase58": "4CcKDtU1JNGi8U4D8Rv9CHzfmF7xzaxEAPFA54eQjRHF" } ] }
When the suite is used with [[JSON]] a verifier MUST derefence the controller referenced by verificationMethod. Iterate the properties of the controller and find the key material matching the verificationMethod property value in the proof.
This signature suite MUST be used in conjunction with the signing and verification algorithms in the Linked Data Signatures [[LD-SIGNATURES]] specification. The suite consists of the following algorithms:
Parameter | Value | Specification |
---|---|---|
canonicalizationAlgorithm | JSON Canonicalization Scheme (JCS) | [[JCS]] |
digestAlgorithm | SHA-256 | [[RFC6234]] |
signatureAlgorithm | Ed25519 | [[RFC8032]] |
The Create Verify Data Algorithm has been replaced with a deterministic transformation of document to be signed and proof object.
A document signed with JCS Ed25519 Signature 2020 MUST contain a proof
property.
Proofs are generated using the following algorithm:
{ "id": "did:test:36FC2p3yXoxcoVBn73qxPx", "publicKey": [ { "id": "did:test:36FC2p3yXoxcoVBn73qxPx#key-1", "type": "Ed25519VerificationKey2018", "controller": "did:test:36FC2p3yXoxcoVBn73qxPx", "publicKeyBase58": "295nPvQHCdfXT8N275Hme434Z2NqZY5y3NN7rdts8Ew1" } ], "authentication": null, "service": [ { "id": "test-service-1", "type": "test-service", "serviceEndpoint": "https://test-service.com/test-service" } ], "proof": { "created": "2020-09-24T16:43:29Z", "proofPurpose": "assertionMethod", "verificationMethod": "did:test:36FC2p3yXoxcoVBn73qxPx#key-1", "nonce": "fd2ccdaa-a9eb-4927-9ad2-3c0ad84546d5", "signatureValue": "2Ha72f5KqowpAeLxF2UvDBYgknLiHeBk9W6g7FHhPTd26M5qDgSfmWrpJareNp3bb9apwfUKysjFmbFcEN4LXLg7", "type": "JcsEd25519Signature2020" } }
The following section describes security considerations that developers implementing this specification should be aware of in order to create secure software.
This document contains examples that contain [[JSON]] and [[JSON-LD]] content.
Some of these examples contain characters that are invalid, such as
inline comments (//
) and the use of ellipsis
(...
) to denote information that adds little value to the
example. Implementers are cautioned to remove this content if they
desire to use the information as valid [[JSON]], or [[JSON-LD]].