This specification describes a mechanism for ensuring the authenticity and integrity of Linked Data documents using digital signatures created with OpenPGP.
OpenPgpSignature2019 is a draft specification being developed within the Decentralized Identity Foundation (DIF), and intended for registration with W3C. This spec will be updated to reflect relevant changes, and participants are encouraged to contribute at the following repository location: https://github.com/decentralized-identity/OpenPgpSignature2019
Term | Description |
---|---|
Decentralized Identifier (DID) | Unique ID string and PKI metadata document format for describing the cryptographic keys and other fundamental PKI values linked to a unique, user-controlled, self-sovereign identifier in a target system (i.e. blockchain, distributed ledger). |
Linked Data Signature (DID) | A set of attributes that represent a Linked Data digital signature and the parameters required to verify it. See [[LD-SIGNATURES]]. |
signature suite | A specified set of cryptographic primitives typically consisting of a canonicalization algorithm, a message digest algorithm, and a signature algorithm that are bundled together by cryptographers for developers for the purposes of safety and convenience. |
canonicalization algorithm | An algorithm that takes an input document that has more than one possible representation and always transforms it into a canonical form. This process is sometimes also called CANONICALIZATION. |
message digest algorithm | An algorithm that takes an input message and produces a cryptographic output message that is often many orders of magnitude smaller than the input message. These algorithms are often 1) very fast, 2) non-reversible, 3) cause the output to change significantly when even one bit of the input message changes, and 4) make it infeasible to find two different inputs for the same output. |
signature algorithm | An algorithm that takes an input message and produces an output value where the receiver of the message can mathematically verify that the message has not been modified in transit and came from someone possessing a particular secret. |
The name of this signature suite. This value will be present in the proof type to indicate that this is the suite to be used to verify the proof. See example-2
The name of this public key type used by this signature suite. This value will be present in the publicKey array of a controller.
The value of a public key used by this signature suite. This value will be present in the publicKey array of a controller. The value of this key must be an ascii armored public key. See rfc4880#section-6.2
The value of a signature produced by this signature suite. This value will be present in the proof of a signed linked data document. This value must be an ascii armored message. See rfc4880#section-6.2
The OpenPGP Signature 2019 signature suite MUST be used in conjunction with the signing and verification algorithms in the Linked Data Signatures [[LD-SIGNATURES]] specification. The suite consists of the following algorithms:
Parameter | Value | Specification |
---|---|---|
canonicalizationAlgorithm | https://w3id.org/security#GCA2015 | [[RDF-DATASET-CANONICALIZATION]] |
digestAlgorithm | https://www.ietf.org/assignments/jwa-parameters#SHA256 | [[RFC6234]] |
signatureAlgorithm | Open PGP Detached Signatures | [[RFC4880]] |
This signature suite uses detached Open PGP Signatures as described in [[RFC4880]]. The signature algorithm used is determined by the key type provided, armored OpenPGP keys contain the information necessary to know the specific method, and this flexibility supports integration with exiting software systems that use OpenPGP, GPG or PGP. The steps to construct and verify the digital signature are defined below.
The digital signature algorithm defined in Section 11.4:
Signature Algorithm takes tbs, a privateKey,
and options as inputs and produces a
signatureValue as output.
The digital signature algorithm defined in Section 11.4:
Signature Verification Algorithm takes the value to be verified,
tbv, the public key to the signature algorithm
and returns a boolean value.
Signature Algorithm
-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js...
.
Verification Algorithm
true
, otherwise return false
.
The following section describes security considerations that developers implementing this specification should be aware of in order to create secure software.
This Signature Suite relies on the security and assumptions made by any compatibile OpenPGP library. We assume that sign and verify detached are implemented safely for all supported key types.
{ "@context": ["http://schema.org/", "https://w3id.org/security/v1"], "description": "Hello world!", "proof": { "type": "OpenPgpSignature2019", "verificationMethod": "did:btcr:xxcl-lzpq-q83a-0d5#yubikey", "proofPurpose": "assertionMethod", "created": "2019-08-11T03:54:13.310Z", "signatureValue": "-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQEzBAABCgAdFiEE8b0S9xIG+...\n-----END PGP SIGNATURE-----\n" } }
{ "@context": ["http://schema.org/", "https://w3id.org/security/v1"], "description": "Hello world!", "proof": { "type": "OpenPgpSignature2019", "created": "2017-10-24T05:33:31Z", "verificationMethod": "https://example.com/jdoe/keys/1", "domain": "example.com", "signatureValue": "wl4EARMIAAYFAlw6...KOAACgkQSnoBzSruDWC" } }