w3c-ccg / lds-jws2020

Linked Data Signatures for JWS

Home Page: https://www.w3.org/community/reports/credentials/CG-FINAL-lds-jws2020-20220721/

This repo is now deprecated.

This work has moved to the W3C VCWG. You can open issues, comment on PRs, or engage with the latest version there.

See the W3C Verifiable Credentials Working Group.

Linked Data Signatures for JWS

Interop Test Suite

See the repo above for links to implementations in Java, Rust and TypeScript.

Security Considerations

You should be aware that some of these curves are not considered safe:

If you will only ever need to support Ed25519 or only Secp256k1, you should consider using a restricted Linked Data Signature Suite like:

Supported JOSE Algorithms

The expected alg will be determined by the following table.

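| kty | crvOrSize | signature | keyAgreement | encryption     |
|-----|-----------|-----------|--------------|----------------|
| OKP | Ed25519   | EdDSA     |              |                |
| OKP | X25519    |           | ECDH         | ECDH-ES+A256KW |
| EC  | secp256k1 | ES256K    | ECDH         |                |
| RSA | 2048      | PS256     |              | RSA-OAEP       |
| EC  | P-256     | ES256     | ECDH         | ECDH-ES+A256KW |
| EC  | P-384     | ES384     | ECDH         | ECDH-ES+A256KW |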

Anything else will result in an unsupported alg error.
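
One way to enforce this table on the verifying side, as an added example that is not code from this repository: the expected alg is derived from the key, and the JWS header only has to agree with it. The function names, the constructed inputs, and the reading of the RSA size as the bit length of the modulus `n` are assumptions.

```javascript
// Added example, not lds-jws2020 code; all function names are hypothetical.
// Signature column of the table above: key shape -> the one alg accepted for it.
const SIGNATURE_ALG = new Map([
  ['OKP:Ed25519', 'EdDSA'],
  ['EC:secp256k1', 'ES256K'],
  ['RSA:2048', 'PS256'],
  ['EC:P-256', 'ES256'],
  ['EC:P-384', 'ES384'],
]);

const fromB64url = (s) => Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64');
const toB64url = (buf) =>
  buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Assumption: an RSA JWK has no crv, so its size is the bit length of modulus "n".
function rsaModulusBits(n) {
  const bytes = fromB64url(n);
  let i = 0;
  while (i < bytes.length && bytes[i] === 0) i++; // skip leading zero bytes
  return i === bytes.length ? 0 : (bytes.length - i) * 8 - (Math.clz32(bytes[i]) - 24);
}

function expectedSignatureAlg(jwk) {
  const crvOrSize = jwk.kty === 'RSA' ? rsaModulusBits(jwk.n || '') : jwk.crv;
  const alg = SIGNATURE_ALG.get(`${jwk.kty}:${crvOrSize}`);
  if (!alg) throw new Error(`unsupported alg: ${jwk.kty} ${crvOrSize} cannot sign`);
  return alg;
}

// Run before any signature check: the key decides the alg, the header must match it.
function checkJwsAlg(jws, jwk) {
  const header = JSON.parse(fromB64url(jws.split('.')[0]).toString('utf8'));
  const expected = expectedSignatureAlg(jwk);
  if (header.alg !== expected) {
    throw new Error(`alg mismatch: header says ${header.alg}, key requires ${expected}`);
  }
  return expected;
}

// Constructed inputs: no real keys or signatures, only the fields the check reads.
const fakeJws = (alg) => `${toB64url(Buffer.from(JSON.stringify({ alg })))}.e30.c2ln`;
const fakeRsaJwk = (bits) => ({ kty: 'RSA', e: 'AQAB', n: toB64url(Buffer.alloc(bits / 8, 0xff)) });
const attempt = (fn) => { try { return fn(); } catch (e) { return e.message; } };

console.log(attempt(() => checkJwsAlg(fakeJws('EdDSA'), { kty: 'OKP', crv: 'Ed25519' })));
console.log(attempt(() => checkJwsAlg(fakeJws('none'), { kty: 'OKP', crv: 'Ed25519' })));
console.log(attempt(() => checkJwsAlg(fakeJws('EdDSA'), { kty: 'OKP', crv: 'X25519' })));
console.log(attempt(() => checkJwsAlg(fakeJws('PS256'), fakeRsaJwk(1024))));
```

An X25519 key is rejected here because the table gives it no signature alg, only key agreement and encryption.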

Suite Details

Per ld-signatures, this Signature Suite defines the following:

{
  "id": "https://w3c-ccg.github.io/lds-jws2020/contexts/#JsonWebSignature2020",
  "type": "SignatureSuite",
  "canonicalizationAlgorithm": "https://w3id.org/security#URDNA2015",
  "digestAlgorithm": "https://tools.ietf.org/html/rfc4634#section-4.2.2",
  "signatureAlgorithm": "https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms"
}

See the Linked Data Signature Suite Vocabulary.

Credits and Support

Works with: