aries-cloudagent-python icon indicating copy to clipboard operation
aries-cloudagent-python copied to clipboard

Published 20 hours ago verified publisher icon hyperledger

Support for NIST P-256 curve as signature algorithm for W3C credentials

Open paulbastian opened this issue 2 years ago • 3 comments

Hello, in preparation for device-bound credentials as proposed in DIF Wallet Security I am looking into supported algorithms of the acapy. According to this issue and this documentation W3C Credentials only support two algorithms:

  • bbs+
  • ed25519

Both algorithms are not supported by (alomst) any hardware chips. The proposed solution is NIST p256 curve as signature proof algorithm, which is also provided by underlying askar wallet.

Have there been any ideas/thoughts/objections on integrating additional signature types?

paulbastian avatar Sep 07 '22 14:09 paulbastian

It should be straightforward to implement ECDSA signatures for P256, P384 (which will be in the next version), and secp256k1 when an Askar wallet is used. I think we also include native Python libraries which could be used for testing compatibility.

andrewwhitehead avatar Sep 07 '22 17:09 andrewwhitehead

We've done a proof of concept of this with Askar in a plugin and it was indeed pretty easy to implement. Quick and dirty, it was a matter of minutes. Preparing something for actually merging upstream would require more effort but still shouldn't be bad.

dbluhm avatar Sep 10 '22 14:09 dbluhm

Is there a reference open source implementation of ECDSA (secp256k1) for ACAPY?

nickz-t3 avatar Feb 08 '24 02:02 nickz-t3